- Sudo
Infobox Software
name = sudo
developer = Todd C. Miller
caption = sudo in a terminal
latest release version = 1.6.9p15
latest release date =March 27 ,2008
latest preview version = 1.7b4
latest preview date =March 28 ,2008
operating system =Unix-like
genre = Privilege authorization
license = ISC-style [ [http://www.sudo.ws/sudo/license.html Sudo License ] ]
website = http://www.sudo.ws/The sudo ("super user do"; officially pronEng|ˈsuːduː, [cite web |url=http://www.gratisoft.us/sudo/ |title=Sudo Main Page |author=Miller, Todd C |accessdate=2007-03-05] though IPA|/ˈsuːdoʊ/ is also common) command is a program for
Unix-like computeroperating system s that allows users to run programs with the security privileges of another user (normally thesuperuser ). By default, sudo will prompt for a user password but it may be configured to require the root password or no password at all. [cite web |url=http://www.gratisoft.us/sudo/man/sudo.html |title=Manpage for sudo |accessdate=2007-11-04] sudo is able to log each command run and in some cases has completely supplanted the superuser login for administrative tasks, most notably in Ubuntu Linux and Apple'sMac OS X . [ [https://help.ubuntu.com/community/RootSudo RootSudo - Community Ubuntu Documentation ] ] [ [http://www.macdevcenter.com/pub/a/mac/2002/10/22/macforunix.html MacDevCenter.com - Top Ten Mac OS X Tips for Unix Geeks ] ]The program was originally written by Bob Coggeshall and Cliff Spencer "around 1980" at the Department of
Computer Science at SUNY/Buffalo. The current version is maintained by OpenBSD developer Todd C. Miller and distributed under a BSD-style license. [cite web|url=http://www.gratisoft.us/sudo/history.html|title=A Brief History of Sudo|author=Miller, Todd C|accessdate=2007-03-05]Design
Before running a command with sudo, users typically supply their
password . Once authenticated, and if the/etc/sudoers
configuration file permits the user access, then the command is run. There exist several graphical frontends for use in a GUI environment, notably kdesu, [https://launchpad.net/kdesudo kdesudo] and gksudo;Mac OS X also has the "authorization services", a GUI equivalent to sudo. By default, the user's password will be retained for fifteen minutes [As stated in the sudo(8) man page.] , allowing the user to execute several successive commands as root without having to provide his or her password multiple times.The following is an example where the user is denied access:
snorri@rimu:~$ sudo vi /etc/resolv.confWe trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility.
Password: snorri is not in the sudoers file. This incident will be reported. snorri@rimu:~$
Below is the log of this failed attempt, then a later successful one, after "snorri" has been added to /etc/sudoers:
snorri@rimu:~$ sudo tail /var/log/auth.log Aug 5 06:00:28 localhost sudo: snorri : user NOT in sudoers ; TTY=pts/1 ; PWD =/home/snorri ; USER=root ; COMMAND=/usr/bin/vi /etc/resolv.conf Aug 5 06:01:15 localhost su [15573] : (pam_unix) session opened for user root by snorri(uid=1000) Aug 5 06:02:09 localhost sudo: snorri : TTY=pts/1 ; PWD=/home/snorri ; USER=root ; COMMAND=/usr/bin/vi /etc/resolv.conf Aug 5 06:02:49 localhost sudo: snorri : TTY=pts/1 ; PWD=/home/snorri ; USER=root ; COMMAND=/usr/bin/tail /var/log/auth.logSee also
*
Comparison of privilege authorization features
*setuid
* su
*sysctl
*User Account Control
*runas References
External links
* [http://www.sudo.ws The sudo homepage]
* [http://sourceforge.net/projects/rootsh rootsh] and [http://sourceforge.net/projects/sudosh/ sudosh] , sudo wrappers for logging
* [http://rixstep.com/2/20070201,00.shtml "Sudo Fun"] , a brief sudo guide
* [http://xkcd.com/149/ "xkcd"] , an illustrated example
Wikimedia Foundation. 2010.