Today we are going to look back at one of the commands I mentioned in an earlier post; the sudo command.

Each Linux system (including Ubuntu) comes installed with a special user, a superuser, called root. It is the equivalent of the "Administrator" account in Windows and is used for the same purpose, to administer the system. To be able to do this, the root superuser has access to everything and can do anything on your system, including destroying it. You can see that the root account should not be used by just anybody and you should keep the password of it a close secret. In fact, root can be so dangerous that in Ubuntu the account is disabled by default, in other words you cannot even use it (you could re-enable it but as you will see, there really is no reason to do this).

So how do you, the non-superuser perform administrative tasks, i.e. how do you run commands that require root level privileges? You use the sudo command. sudo stands for super user do and allows authorized users to run commands as root without using the actual root account. So even though you are not root, you can pretend to be root. You do this by simply prepending the command you need to run with sudo, e.g. as I showed in an earlier post:

$ sudo apt-get install firefox

The apt-get command requires root privileges so in order to be able to run it as me, I have to prepend it with sudo. You will notice that when you do this, you will be asked to provide a password. This is YOUR USER password, not the root account's password (remember, root is disabled), i.e. the same password you provide when you enter Ubuntu (if you didn't already enable the automatic login option as discussed in Configure Ubuntu For Remote Access, Part II: Wake On LAN (WOL)).

Anything you need to do as administrator of an Ubuntu system can be done via sudo which is why there is no reason to ever enable the root account. However, this begs the question, what is the difference between using the root account directly and using sudo. There are a few subtle but very important ones actually. Fist of all, if you log in as root and leave your terminal, anybody sitting at it after you leave could do anything they want to your machine. If you use sudo they would have to provide YOUR (obviously super secure) password before they could do anything. Also, the user would not have to remember another (the root account's) password. It also will prompt YOU every time you try to do something with root privileges making you think twice before you do something you really didn't want to do. Next, you can restrict which user can do sudo and which can not (see below). And finally, each and every command run with sudo will get logged into a file (/var/log/auth.log) which you can always read to verify who did what and maybe even reverse what they did (and shouldn't have done).

To allow a user to us the sudo command, open the Users and Groups tool from System->Administration menu.



You will notice that the forms is mostly disabled because, guess what, changing User and Groups' properties requires root privileges. Just as in a terminal window, you will need to perform the equivalent of sudo on the User Settings window. You do this by clicking on the Unlock button and provide your user password. You will now see that all settings are enabled. Select the user you want to enable sudo for from the list, then click on on properties. Choose the User Privileges tab. In the tab, find "Administer the system" and check that.



An there you have it, the magical sudo command. You better get used to it because you will need to use it all the time.

Cheers,
Mark

0 comments