User login

Home
 sudo vs root

sudo vs root

Submitted by Benjamin Melançon on December 14, 2006 - 12:41pm
in

keywords: sudo access sudoize user

Agaric Design's sysadmin explains the world of sudo...

Never ever ever ever give someone root. The better thing to do would to add an account to the sudoers list. Do you know about sudo? It temporarily grants a user superuser abilities, hence S(uper) U(ser) DO. Basically, you add the user to the /etc/sudoers file. The sudo manual suggests using the program "visudo" to edit the list, which as you may have guessed invokes the vi editor. I had no problem using pico or nano, since I abhor both vi and emacs. The format for sudoers is as follows:

<user> <HOST> = <COMMAND LIST>

For example, there is an entry for root in sudoers that looks like:

root       ALL = ALL

which means that root can execute all superuser commands on all hosts.

[If you don't have anything against vi, you can use the proper visudo method by logging in as root su root (if already logged in otherwise) and typing simply visudo.]

To give -temporary- root privileges, create a new user with its own password, and add it to the sudoers list. Then, after the machine's up and running, remove the user from the sudoers list.

Oh, and so you know, to actually USE sudo, you have to put "sudo" before the command. For example (don't actually follow this example):

sudo shutdown -h now  <strong>(again, don't do this)</strong>

Hope this helps!

keywords: sudo access sudoize user

Agaric Design's sysadmin explains the world of sudo...

Never ever ever ever give someone root. The better thing to do would to add an account to the sudoers list. Do you know about sudo? It temporarily grants a user superuser abilities, hence S(uper) U(ser) DO. Basically, you add the user to the /etc/sudoers file. The sudo manual suggests using the program "visudo" to edit the list, which as you may have guessed invokes the vi editor. I had no problem using pico or nano, since I abhor both vi and emacs. The format for sudoers is as follows:

<user> <HOST> = <COMMAND LIST>

For example, there is an entry for root in sudoers that looks like:

root       ALL = ALL

which means that root can execute all superuser commands on all hosts.

[If you don't have anything against vi, you can use the proper visudo method by logging in as root su root (if already logged in otherwise) and typing simply visudo.]

To give -temporary- root privileges, create a new user with its own password, and add it to the sudoers list. Then, after the machine's up and running, remove the user from the sudoers list.

Oh, and so you know, to actually USE sudo, you have to put "sudo" before the command. For example (don't actually follow this example):

sudo shutdown -h now  <strong>(again, don't do this)</strong>

Hope this helps!

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
  • You may post code using <code>...</code> (generic) or <?php ... ?> (highlighted PHP) tags.
  • You can use Markdown syntax to format and style the text. Also see Markdown Extra for tables, footnotes, and more.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <blockquote> <small> <h2> <h3> <h4> <h5> <h6> <sub> <sup> <p> <br> <strike> <table> <tr> <td> <thead> <th> <tbody> <tt> <output>
  • Lines and paragraphs break automatically.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.