Sharing Root Powers via Sudo

Sharing Root Powers via Sudo

You may be wondering if it's always necessary to switch to root user in order to perform system maintenance. Although it's easy to type su to temporarily switch to root, it's also sometimes easy to forget that you're running as root user. Because of this, it can become very easy to make devastating mistakes.

For this reason, the sudo command was invented. Inserted before a command, this gives the user one-time root powers for that command only. When the command has finished running, the user returns to being an ordinary user. Technically speaking, the sudo command lets one user run a command as any other user. However, in most cases, it is used to temporarily gain root powers. (For more information, see the sudo man page.)

By default, under SUSE Linux, the sudo command works by asking for the root password. For example, typing the following:

sudo vi /etc/fstab

will cause a password prompt to appear. Once the root password has been entered, vi will run as if it were started by root.

On some other Linux systems, sudo is used in a different way, which trades system security for convenience. In such a case, sudo can be used to adopt root powers without the user needing to know the root password. Instead, the user's password is entered. This might seem like casting security concerns to the wind, and it's certainly something that should be adopted only on a system you know is secure, such as one that only you access or for which you know and trust the other users.

If you want to allow an ordinary user to use the sudo command without entering the root password, you must edit the /etc/sudoers file (as the root user). A special command has been created for this purpose: visudo. This loads the sudoers file into vi and checks that anything added to the file is correct. After the sudoers file is open, move the cursor down to the section headed User Alias Command, and enter something similar to the following (substituting the name of the user for <username>):

<username> ALL=(ALL) ALL

Then move down to the lines underneath the Defaults Specification section and type a hash before the lines beginning with Defaults targetpw and %users ALL=. Your file should look similar to Figure. Then save the file and exit vi.

Image from book
Figure. The sudo command can give ordinary users root powers, but it must first be set up correctly.

 Python   SQL   Java   php   Perl 
 game development   web development   internet   *nix   graphics   hardware 
 telecommunications   C++ 
 Flash   Active Directory   Windows