Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
why use sudo
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Duplicate Threads
View previous topic :: View next topic  
Author Message
kaji
Tux's lil' helper
Tux's lil' helper


Joined: 20 Jan 2004
Posts: 87
Location: Connecticut, USA, Terra, Sol, Milky Way

PostPosted: Thu Mar 31, 2005 2:45 pm    Post subject: why use sudo Reply with quote

i have never used sudo and never had a need for it. i only know about it because i was looking for a secure way to run an emerge and leave the computer without someone stopping the emerge and doing whatever and restarting my emerge without me knowing... or at least not right away. i have seen a number of posts stating that sudo is the way to do it but i found that su can do the same thing without installing anything. so i am asking what can sudo that su by itself cannot?

btw the syntax for su is like this
<code>su -c "<command>"</code>
quotes are optional if you are running a command without an argument.
_________________
KajiShinigami
Back to top
View user's profile Send private message
lopez
n00b
n00b


Joined: 24 Jun 2004
Posts: 52
Location: Toledo, OH USA

PostPosted: Thu Mar 31, 2005 3:18 pm    Post subject: Reply with quote

It allows you to run commands as the superuser or another user on your system. It does this by not giving out the superuser password or the other users password. With su you have to use/give out the root password if you need another user to run a root priveleged program.

Also with sudo you selectively give access to the components you want them to have. Much care is needed though as the user will be running that program w/ full root access still.
Back to top
View user's profile Send private message
kaji
Tux's lil' helper
Tux's lil' helper


Joined: 20 Jan 2004
Posts: 87
Location: Connecticut, USA, Terra, Sol, Milky Way

PostPosted: Thu Mar 31, 2005 3:25 pm    Post subject: Reply with quote

i am not sure if i understand the point of sudo. from what you are telling me it sounds like sudo is like setting the superuser flag. that cannot be all it is for
_________________
KajiShinigami
Back to top
View user's profile Send private message
lopez
n00b
n00b


Joined: 24 Jun 2004
Posts: 52
Location: Toledo, OH USA

PostPosted: Thu Mar 31, 2005 3:32 pm    Post subject: Reply with quote

Basically the general thing for being security minded is you want to run root the least amount as possible. Also sudo is for handing out access to users that need to run "root" commands with you giving out the password. The Description from the man page about sums it up.

From the man page:

Quote:
DESCRIPTION
sudo allows a permitted user to execute a command as the superuser or
another user, as specified in the sudoers file. The real and effective
uid and gid are set to match those of the target user as specified in
the passwd file (the group vector is also initialized when the target
user is not root). By default, sudo requires that users authenticate
themselves with a password (NOTE: by default this is the user's pass-
word, not the root password). Once a user has been authenticated, a
timestamp is updated and the user may then use sudo without a password
for a short period of time (5 minutes unless overridden in sudoers).
Back to top
View user's profile Send private message
darkphader
Veteran
Veteran


Joined: 09 May 2002
Posts: 1181
Location: Motown

PostPosted: Thu Mar 31, 2005 3:34 pm    Post subject: Reply with quote

I'm not a sudo expert (no black belt), but I do use it for a couple of things.
The main thing is that allows some users to do some things with other users privileges (root being the most common case I presume) without the need for them to login as the other user or to know the other users password(s). Of course "some users" and "some things" are general cases that could mean "all users" and "all things" or "one user" and "one thing".
I use it to allow for system shutdown and for running freshclam as an ordinary user (both normally require root privileges) and also to run commands as another user. In none of these cases do I need to become the other user or supply a password (although this is configurable).
In general it saves time, provides for better security, and adds flexibility.

Chris
_________________
WYSIWYG - What You See Is What You Grep
Back to top
View user's profile Send private message
justanothergentoofanatic
Guru
Guru


Joined: 29 Feb 2004
Posts: 337

PostPosted: Thu Mar 31, 2005 4:38 pm    Post subject: Reply with quote

Sudo is a very primitive attempt at implementing access control lists in unix. If there is more than one system administrator accessing the same machine, sudo can limit users to particular roles and provide basic auditing information.

Unfortunately, its configuration is extremely error prone because it works solely on pattern matching; it is extremely easy to accidentally give users extra privleges. And while sudo is intended to make your system more secure, it has a long history of privledge escalation exploits, making it a security risk in its own right.

Quote:
i was looking for a secure way to run an emerge and leave the computer without someone stopping the emerge and doing whatever and restarting my emerge without me knowing... or at least not right away.
GNU screen is what you want. It allows you to lock the console while your terminal session continues. The default keybinding for this is C-a C-x.

-Mike
Back to top
View user's profile Send private message
darkphader
Veteran
Veteran


Joined: 09 May 2002
Posts: 1181
Location: Motown

PostPosted: Thu Mar 31, 2005 6:01 pm    Post subject: Reply with quote

justanothergentoofanatic wrote:
GNU screen is what you want.

Good call. Missed the second part of the question. I use sudo and I use screen, but I use screen for what the OP is looking to do.
_________________
WYSIWYG - What You See Is What You Grep
Back to top
View user's profile Send private message
kaji
Tux's lil' helper
Tux's lil' helper


Joined: 20 Jan 2004
Posts: 87
Location: Connecticut, USA, Terra, Sol, Milky Way

PostPosted: Thu Mar 31, 2005 8:21 pm    Post subject: Reply with quote

GNU screen sounds like exactly what i was looking for, thanks for the info
_________________
KajiShinigami
Back to top
View user's profile Send private message
jonnevers
Veteran
Veteran


Joined: 02 Jan 2003
Posts: 1594
Location: Gentoo64 land

PostPosted: Thu Mar 31, 2005 11:14 pm    Post subject: Reply with quote

I love screen. I use it to handle long tasks from various locations, no reason to waste bandwidth with an SSH shell.
Back to top
View user's profile Send private message
nixnut
Bodhisattva
Bodhisattva


Joined: 09 Apr 2004
Posts: 10974
Location: the dutch mountains

PostPosted: Sun Jul 31, 2005 12:06 pm    Post subject: Reply with quote

Dupe of https://forums.gentoo.org/viewtopic-t-314119.html, therefore moved from Other Things Gentoo to Duplicate Threads.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Duplicate Threads All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum