HB Computer Security | Aide Memoire
  • Introduction
  • Core Technical Skills
    • Core Skills
      • Linux
        • Getting to Know Linux
          • Using the Shell
            • Shells, Terminals, and Virtual Consoles
            • Choose your Shell
            • Shell Commands
              • Non-PATH Commands
              • Command History
                • Command Line Editing
                  • Keystrokes for Navigating Command Lines
                  • Keystrokes for Editing Command Lines
                  • Keystrokes for Cutting and Pasting Text from within Command Lines
                • Command Line Recall
                  • Keystrokes for Command Line Recall
              • Connecting and Expanding Commands
                • Piping Between Commands
                • Sequential Commands
                • Expanding Commands
            • Shell Variables
              • Common Shell Variables
            • Aliases
            • Create your Own Shell Environment
              • Modification Ideas
          • Navigating the Linux File System (LFS)
            • Filesystem Commands
            • Listing Files and Directories
            • File Permissions and Ownership
              • Modifying Permissions with chmod
              • Modifying Default Permissions with umask
              • Change File Ownership with chown
            • Copying, Moving, and Removing Files
            • Finding Files
              • locate
              • find
              • grep
            • Downloading Files
              • axel
              • wget
              • curl
                • User-Agent: Googlebot
          • Working with Text Files
            • Using vim and vi to Edit Text Files
              • Starting with vi
              • Adding Text
              • Moving Around in the Text
            • Text Manipulation
        • System Administration
          • Installing Linux
            • Installing from Live Media
            • Installing in the Enterprise
            • Partitioning Hard Disks
              • Tips for Creating Partitions
          • Account Administration
            • The root Account
              • Becoming root with su
              • sudo
                • The /etc/sudoers File
                • Granting sudo privileges
                  • visudo Guidance
                • Useful sudo Hints
            • Other Administrative Accounts
            • Standard User Accounts
              • Risks of userdel: Orphaned Files
          • Graphical Remote Administration
            • Cockpit
              • Installation Guide
            • Remote Desktop Protocol with xrdp
              • Installation and Configuration
            • Remote Desktop with vnc
              • Installation and Configuration
              • Running VNC as a System Service
          • Managing Running Processes
            • Listing Processes
              • ps
              • top
              • htop
            • Backgrounding and Foregrounding
              • Starting a Background Process
              • Using Foreground and Background Commands
            • Killing and Recining Processes
              • kill and killall
          • Managing Software
            • Managing Software from the Desktop
            • Going Beyond the Limitations of Software Center
              • Debian Packages
                • Advanced Package Tool (apt)
                • Repositories
                • dpkg
        • Shell Scripting
          • Variables
            • Command Substitution
            • Arguments
          • Reading User Input
          • if, else, and elif
          • BOOLEAN Logic
          • Loops
            • for Loops
            • while Loops
          • Functions
          • Local Vs Global Variables
          • Summary
        • Securing Linux
      • Windows
        • Security Hardening
Powered by GitBook
On this page

Was this helpful?

  1. Core Technical Skills
  2. Core Skills
  3. Linux
  4. System Administration
  5. Account Administration
  6. The root Account

sudo

PreviousBecoming root with suNextThe /etc/sudoers File

Last updated 1 year ago

Was this helpful?

The sudo command is a powerful tool that offers a more controlled method of granting administrative privileges to regular users without sharing the root password. When using sudo, a user can execute commands with root-level privileges while their actions are logged, which provides an audit trail of who did what.

In contrast to su, which switches your session to the root user, sudo executes a single trailing command with elevated privileges. This allows for a more granular level of access control, as you can configure exactly which commands each user is allowed to run as root or any other user. The sudoers facility is the most common way to provide such privilege.

Using sudoers for any users or groups on the system, you can do the following:

  • Assign root privilege for any command they run with sudo

  • Assign root privilege for a select set of commands

  • Give users root privilege without sharing the root password; users provide their own password to gain root privilege

  • Allow users, if you choose, to run sudo without entering a password at all

  • Track which users have run administrative commands on your system

If a user leverages su, all you know is that someone with the root password logged in. Beyond this, oversight of their activities is limited. With the sudo command, logs are created to capture which user run an administrative command, providing a more verbose account of privileged user actions

With the sudoers facility, giving full or limited root privileges to any user simply entails adding the user to the /etc/sudoers file, and defining what privilege you want that user to have. Then, the user can run any command they have been granted privileges for by preceding said command with sudo .

For example, here we see a standard user trying to view the contents of the /etc/shadow file, and then again via sudo:

Privileged Vs Un-Privileged execution