music

OSdata.com

sudo

summary

    This subchapter looks at sudo, a UNIX (and Linux) command.

free book on UNIX/Linux System Administration Teach Yourself UNIX/Linux System Administration and Shell Programming free computer programming text book project table of contents If you like the idea of this project, then please donate some money. more information on donating

sudo

    This subchapter looks at sudo, a UNIX (and Linux) command.

sudo

    The sudo command allows you to run a single command as another user, including at superuser or root level from a normal account. You will be asked for the password before the command will actually run.

    This keeps you firmly in a normal account (with less danger of catastrophic failures), while still giving easy access to root or superuser power when really needed.

    The sudo program was originally written by Bob Coggeshall and Cliff Spencer in 1980 at the Department of Computer Science at SUNY/Buffalo.

    To run a single command as superuser or root, type sudo followed by a command.

    $ sudo command

    On Mac OS X the sudo command will fail if your account has no password.

    On Mac OS X the sudo commands password prompt will not display anything (not even bullets or asterisks) while you type your password.

    You will not be asked for a password if you use sudo from the root or superuser account. You will not be asked for a password if you use sudo and the target user is the same as the invoking user.

    Some systems have a timer set (usually five minutes). You can run additional sudo commands without a password during the time period.

run in root shell

    To change to in the root shell, type sudo followed by the option -s. The following warning is from Mac OS X (entered a root shell and then immediately returned to the normal shell). Note the change to the pound sign ( # ) prompt.

    $ sudo -s

    WARNING: Improper use of the sudo command could lead to data loss
    typing when using sudo. Type "man sudo" for more information.

    To proceed, enter your password, or type Ctrl-C to abort.

    Password:
    bash-3.2# exit
    $

other users

    To run a command as another user, type sudo followed by the option -u followed by the user account name followed by a command.

    $ sudo -u username command

    To view the home directory of a particular user:

    $ sudo -u username ls ~username

edit files as www

    To edit a file (this example is for index.html) as user www:

    $ sudo -u www vim ~www/htdocs/index.html

which password

    On some systems, you will authenticate with your own password rather than with the root or superuser password. The list of users authorized to run sudo are in the file /etc/sudoers (on Mac OS X, /private/etc/sudoers).

unreadable directories

    To view unreadable directories:

    $ sudo ls /usr/local/protected

shutdown

    To shutdown a server:

    $ sudo -r +15 "quick reboot"

usage listing

    To make a usage listing of the directories in the /home partition (note that this runs the commands in a sub-shell to make the cd and file redirection work):

    $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"

security

    The system can be set up to send a mail to the root informing of unauthorized attempts at using sudo.

    The system can be set up to log both successful and unsuccessful attempts to sudo.

    Some programs (such as editors) allow a user to run commands via shell escapes, avoiding sudo checks. You can use sudo’s noexec functionality to prevent shell escapes.

other

    In June 2009, Ken Milberg named this command as one of the Top 50 universal UNIX commands at this web page Top 50 Universal INIX commands. Note that this web page requires agreeing to be spammed before you can read it.

---