music
OSdata.com: programming text book 

OSdata.com

sudo

summary

    This subchapter looks at sudo, a UNIX (and Linux) command.

    WARNING: Never trust any Terminal/Shell commands you find on the internet. Only run shell commands you understand. In particular, never run anything that includes sudo anywhere in the command line unless you are absolutely certain what the command does. When you run a command line with sudo you are giving permission to have complete (possibly destructive) control of your computer at the root level. And, yes, this advice applies even to this website. Don’t run any commands with sudo unless you know for sure what you are doing.

free book on UNIX/Linux System Administration

Teach Yourself UNIX/Linux System Administration and Shell Programming

free computer programming text book project

table of contents
If you like the idea of this project,
then please donate some money.
more information on donating

Google

sudo

    This subchapter looks at sudo, a UNIX (and Linux) command.

    WARNING: Never trust any Terminal/Shell commands you find on the internet. Only run shell commands you understand. In particular, never run anything that includes sudo anywhere in the command line unless you are absolutely certain what the command does. When you run a command line with sudo you are giving permission to have complete (possibly destructive) control of your computer at the root level. And, yes, this advice appies even to this website. Don’t run any commands with sudo unless you know for sure what you are doing.

sudo

    The sudo command allows you to run a single command as another user, including at superuser or root level from a normal account. You will be asked for the password before the command will actually run.

    This keeps you firmly in a normal account (with less danger of catastrophic failures), while still giving easy access to root or superuser power when really needed.

    The sudo program was originally written by Bob Coggeshall and Cliff Spencer in 1980 at the Department of Computer Science at SUNY/Buffalo.

    sudo is a concatenation of su (substitute user) and do (perform an action).

    To run a single command as superuser or root, type sudo followed by a command.

    $ sudo command

    You will normally be asked for your password (exceptions listed below).

    sudo can be configured to not require a password (very bad idea other than single user personal systems). sudo can also be configured to require the root password (rather than the current user’s password).

    On Mac OS X the sudo command will fail if your account has no password.

    On Mac OS X the sudo commands password prompt will not display anything (not even bullets or asterisks) while you type your password.

    You will not be asked for a password if you use sudo from the root or superuser account. You will not be asked for a password if you use sudo and the target user is the same as the invoking user.

    Some systems have a timer set (usually five minutes). You can run additional sudo commands without a password during the time period.

run in root shell

    To change to in the root shell, type sudo followed by the option -s. The following warning is from Mac OS X (entered a root shell and then immediately returned to the normal shell). Note the change to the pound sign ( # ) prompt.

    $ sudo -s

    WARNING: Improper use of the sudo command could lead to data loss
    typing when using sudo. Type "man sudo" for more information.

    To proceed, enter your password, or type Ctrl-C to abort.

    Password:
    bash-3.2# exit
    $

other users

    To run a command as another user, type sudo followed by the option -u followed by the user account name followed by a command.

    $ sudo -u username command

    To view the home directory of a particular user:

    $ sudo -u username ls ~username

edit files as www

    To edit a file (this example is for index.html) as user www:

    $ sudo -u www vim ~www/htdocs/index.html

which password

    On most systems, you will authenticate with your own password rather than with the root or superuser password. The list of users authorized to run sudo are in the file /usr/local/etc/sudoers or /etc/sudoers (on Mac OS X, /private/etc/sudoers). These authorized users are identified in the sudoers file as admin.

    The sudoers configuration file offers a wide variety of configuration options, including enabling root commands only from the invoking terminal; not requiring a password for certain commands; requiring a password per user or per group; requiring re-entry of a password every time for particular command lines; never requiring re-entry of a password for a particular command line. The sudoers configuration file can also be set support the passing of arguments or multiple commands and also supports commands with regular expressions.

timeout

    sudo can set timeout limits. This is done with the timeout option. This can be configured globally, per user, or per application. The timeout can be retained only per tty or globally per user. The user or application only has root authentication until the timeout occurs.

forgot to use sudo

    Sometimes you type a command and forget that you needed to use sudo until you see the error message. You can type sudo !! to run the previous command with root privileges.

    $ head /etc/passwd
    head: /etc/passwd: Permission denied
    $ sudo !!

unreadable directories

    To view unreadable directories:

    $ sudo ls /usr/local/protected

shutdown

    To shutdown a server:

    $ sudo -r +15 "quick reboot"

saving system file in vim

    The ideal method for editing and saving a system file that can only be saved by the root user is to prepend the vim command with sudo. Then the vim command :w will work because the vim program was launched with root privileges.

    $ sudo vim /etc/passwd
    $ some editing commands
    $ :w

    So, what do you do if you start editing the file and then remember that you need root permission to save it? Add !sudo tee % to the vim save command.

    $ vim /etc/passwd
    $ some editing commands
    $ :w !sudo tee %

usage listing

    To make a usage listing of the directories in the /home partition (note that this runs the commands in a sub-shell to make the cd and file redirection work):

    $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"

view sudoers configuration

    To view the sudoers current configuration settings, type:

    $ sudo -ll

editing sudoers file

    Run the visudo command line tool to safely edit the sudoers configuration file. You will be presented with the vi editing interface (this can be changed by setting the shell EDITOR environment variable to a different text editor, such as emacs.

    Any syntax error in the sudoers configuration file will make sudo stop working globally. Therefore, always use visudo to edit the sudoers file. visudo also provides security locks to prevent multiple simultaneous edits and other possible security problems.

graphic equivalents

    The utilities kdesudo (KDE) and gksudo (Gnome) provide a graphic user interface version of sudo (both are based on sudo). Mac OS X Authorization Services provides a graphic user interface with adminstrative privileges (but is not based on the UNIX sudo).

start a shell as root

    If you need to do extended work as root, you can start up a root shell from your user account:

    $ sudo bash

running commands as root

    sudo only works for programs, not for any built-in commands. If you attempt it, you will get an error message stating command not found. The solution is to start a root shell:

    $ sudo bash

security

    The system can be set up to send a mail to the root informing of unauthorized attempts at using sudo.

    The system can be set up to log both successful and unsuccessful attempts to sudo.

    Some programs (such as editors) allow a user to run commands via shell escapes, avoiding sudo checks. You can use sudo’s noexec functionality to prevent shell escapes.

    sudo never does any validation of the ARGUMENTS passed to a program.

    sudo defaults to extensive logging, using the syslogd system log daemon to log all commands issued with sudo into a cnetral host and local host file. This allows a complete audit trail of system access.

    A system can be setup so that all machines in a system use the same sudoers file, allowing better central administration of a network.

trace

    You can’t sudo strace … (fill in the rest of the command any way you want) because sudo can’t gain its privileges while being traced.

polkit alternative

    polkit (formerly PolicyKit) is an alternative control component for system-wide privileges.

other

    In June 2009, Ken Milberg named this command as one of the Top 50 universal UNIX commands at this web page Top 50 Universal INIX commands. Note that this web page requires agreeing to be spammed before you can read it.


comments, suggestions, corrections, criticisms

please contact us

your name:
email address:
phone number:
message:

free music player coding example

    Coding example: I am making heavily documented and explained open source code for a method to play music for free — almost any song, no subscription fees, no download costs, no advertisements, all completely legal. This is done by building a front-end to YouTube (which checks the copyright permissions for you).

    View music player in action: www.musicinpublic.com/.

    Create your own copy from the original source code/ (presented for learning programming).

This section is under the category of owning cirticism.

In response to a posting about my article collecting social media, Moderator +Andrew Smith (Technology addict, Web Developer, API guru, futsal and football wannabe, and all round nice guy!, Swordfox Design, arrowtown, new zealand) of the Google+ community Web Developers, Web Designers, Web Coding claims “Quite frankly this is self promotion, and your site is not of great quality. I can see how +Joost Schuur  would think this of not high enough a standard.”


return to table of contents
free downloadable college text book
free downloadable system administrator and shell programming book

view text book
HTML file

Because I no longer have the computer and software to make PDFs, the book is available as an HTML file, which you can convert into a PDF.

previous page next page
previous page next page

free book on UNIX/Linux System Administration

Teach Yourself UNIX/Linux System Administration and Shell Programming

free computer programming text book project

Building a free downloadable text book on computer programming for university, college, community college, and high school classes in computer programming.

If you like the idea of this project,
then please donate some money.

send donations to:
Milo
PO Box 1361
Tustin, California 92781

Supporting the entire project:

    If you have a business or organization that can support the entire cost of this project, please contact Pr Ntr Kmt (my church)

more information on donating

Some or all of the material on this web page appears in the
free downloadable college text book on computer programming.


Google


Made with Macintosh

    This web site handcrafted on Macintosh computers using Tom Bender’s Tex-Edit Plus and served using FreeBSD .

Viewable With Any Browser


    †UNIX used as a generic term unless specifically used as a trademark (such as in the phrase “UNIX certified”). UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company Ltd.

    Names and logos of various OSs are trademarks of their respective owners.

    Copyright © 2012, 2013 Milo

    Created: July 5, 2012

    Last Updated: January 10, 2013


return to table of contents
free downloadable college text book
free downloadable system administrator and shell programming book

previous page next page
previous page next page