Sudo, the one command to rule them all. It stands for “super user do!” Pronounced like “sue dough” As a Linux system administrator or power user, it’s one of the most important commands in your arsenal. Have you ever tried to run a command in terminal only to be given “Access Denied?” Well this is the command for you! But, with great power comes great responsibility! It is much better than logging in as root, or using the su “switch user” command. Read on to see what sudo can do for you!
SUDO: What is it good for?
So what does sudo actually do? If you prefix “sudo” with any linux command, it will run that command with elevated privileges. Elevated privileges are required to perform certain administrative tasks. Someday you may wish to run a LAMP (Linux Apache MySQL PHP) server, and have to manually edit your config files. You might also have to restart or reset the Apache web server or other service daemons. You even need elevated privileges to shutdown or restart the computer. “Hey, who turned this thing off?!”
If you are familiar with Windows, it is very similar to the Windows User Account Control dialog box that pops up when you try to do anything important, just not as friendly. In Windows, if you try to perform an administrative task, a dialog box asks you if you wish to continue (“Are you really sure your want to run that program you just clicked on?”). The task is then performed. On a Mac, a security dialog box pops up and you are required to type in your password and click OK.
It is more of a dramatic story in Linux. Things might behave quite strangely without the proper permissions. The important config file you were editing may not save correctly. A program you installed may simply refuse to run. That awesome source code you downloaded and need to compile, wont. You might even be lucky enough to given an “Access Denied” or another friendly error message. All your worst fears have come true, but all you needed to do was ask for permission! That is why we want to remember to ask for superuser permissions upfront like this:
If you are familiar with Windows, it is very similar to the Windows User Account Control dialog box that pops up when you try to do anything important, just not as friendly. In Windows, if you try to perform an administrative task, a dialog box asks you if you wish to continue (“Are you really sure your want to run that program you just clicked on?”). The task is then performed. On a Mac, a security dialog box pops up and you are required to type in your password and click OK.
It is more of a dramatic story in Linux. Things might behave quite strangely without the proper permissions. The important config file you were editing may not save correctly. A program you installed may simply refuse to run. That awesome source code you downloaded and need to compile, wont. You might even be lucky enough to given an “Access Denied” or another friendly error message. All your worst fears have come true, but all you needed to do was ask for permission! That is why we want to remember to ask for superuser permissions upfront like this:
sudo reboot
Watch what happens in this screenshot if we don’t first elevate our permissions with sudo:
First we use the reboot command to try and reboot the system. The command fails citing: “must be superuser”. We then try with sudo reboot. Sudo asks for your user password. Note that it is asking for your password, not the root password. Finally we see the broadcast message that the system will be rebooted now. Sudo is like saying the magic word. It might as well be named opensesame or abracadabra or even bippityboppitybacon.
First we use the reboot command to try and reboot the system. The command fails citing: “must be superuser”. We then try with sudo reboot. Sudo asks for your user password. Note that it is asking for your password, not the root password. Finally we see the broadcast message that the system will be rebooted now. Sudo is like saying the magic word. It might as well be named opensesame or abracadabra or even bippityboppitybacon.
Why is it better than the alternative?
Sudo is the best and safest way to elevate privileges. Lets take a look at another way of doing things. The switch user command, “su” will ask you for the root password and give you a superuser prompt, signified by the # symbol. That # symbol means “DANGER! YOUR LOGGED IN AS ROOT!” The first command you issue may go well. But your forgetfulness will cause you to stay logged in as root. One bad typo and BAM! You erased the entire hard drive instead of that fake mp3 you downloaded. The cat decides to lay on your nice warm laptop. POOF! Your web server and home business are gone! With the sudo command, you have to enter in “sudo” before every command. Thus you don’t have to remember to switch back to regular user mode, and fewer accidents will happen.
The Sudoers File
This file is the seedy underbelly of sudo. It controls who can use the sudo command to gain elevated privileges. It is usually located at /etc/sudoers. The best and safest way to edit this file is by using the visudo command. This command will start the vi editor with elevated privileges so that you can edit the file and save it. It also will put a filelock on the sudoers file so that no one else can edit it. Once your done editing it, it will parse the file for simple errors. It is a much safer way of editing the sudo file than just using any old text editor.
This file contains many parameters. You can specify which users of which groups can perform what commands. We are simply going to grant ourselves access to sudo by adding:
This file contains many parameters. You can specify which users of which groups can perform what commands. We are simply going to grant ourselves access to sudo by adding:
username ALL=(ALL) ALL //gives user "username" sudo access %wheel ALL=(ALL) ALL //Gives all users that belong to the wheel group sudo access
at the bottom. Now the specified username will be able to use all root privileges. You can also allow a user or group to have sudo access to only specific services or servers in replace of the ALL parameter, but, that’s a topic for another day.
Some Options
Like any good command there are a few nifty options to make sudo, do more!
sudo –b will run the command in the background. This is useful for commands that display a lot of output as they are running.
sudo –s will run the shell specified with elevated privlages, giving you the # prompt (don’t forget to exit!)
sudo su – will make you the root user and load your custom user environment variables.
sudo –b will run the command in the background. This is useful for commands that display a lot of output as they are running.
sudo –s will run the shell specified with elevated privlages, giving you the # prompt (don’t forget to exit!)
sudo su – will make you the root user and load your custom user environment variables.
No comments:
Post a Comment