![]() The times they are a'changin.' -Bob Dylanĭylan was correct, although he was not singing about computers. We don't need the training wheels to do our jobs. He does not spend much time defending or explaining this position he just states it as a fact. Venezia contends in his InfoWorld article that sudo is used as an unnecessary prop for many people who act as sysadmins. There has been some recent disagreement about the uses of su versus sudo. When finished, the user can issue the exit command to revert from root back to their own non-root account. The user can work as root for as long as necessary without needing to re-authenticate. No time limit is placed on the privilege escalation provided by the su command. There are no limits on this because the user is now logged in as root. The only requirement is that the user know the root password. The su command is intended to allow a non-root user to elevate their privilege level to that of root-in fact, the non-root user becomes the root user. (You thought I was going to say something like "assign blame," didn't you?) su The logs can facilitate a problem-related postmortem to determine when users need more training. Using the sudo command does have the side effect of generating log entries of commands used by non-root users, along with their IDs. Users who need to continue working with elevated privileges but are not ready to issue another task-related command can run the sudo -v command to revalidate the credentials and extend the time for another 5 minutes. During this brief time interval, usually configured to be 5 minutes, the user may perform any necessary administrative tasks that require elevated privileges. In most cases, sudo lets a user issue one or two commands then allows the privilege escalation to expire. The sudo command does not switch the user account to become root most non-root users should never have full root access. The sudo command gives non-root users temporary access to the elevated privileges needed to perform tasks such as adding and deleting users, deleting files that belong to other users, installing new software, and generally any task required to administer a modern Linux host.Īllowing the users access to a frequently used command or two that requires elevated privileges saves the sysadmin a lot of requests from users and eliminates the wait time. The original intent of sudo was to enable the root user to delegate to one or two non-root users access to one or two specific privileged commands they need regularly. This difference is due to the distinct use cases for which they were originally intended. These tools both provide escalated privileges, but the way they do so is significantly different. Most sysadmins rarely use sudo because it requires typing more than necessary to run essential commands. Some days require staying logged in as root all day long. Many sysadmins log in as root to work as root and log out of our root sessions when finished. ![]() A user might need to run one or two commands as root, but very infrequently. There were usually many non-root user accounts on those computers, and none of those users needed total root access. The root user would also have a non-root account for non-root activities such as writing documents and managing their personal email. In this ancient world, the person entrusted with the root password would log in as root on a teletype machine or CRT terminal such as the DEC VT100, then perform the administrative tasks necessary to manage the Unix computer. Early Unix computers required full-time system administrators, and they used the root account as their only administrative account. The su and sudo commands were designed for a different world. # See the man page for details on how to write a sudoers file.Our latest Linux articles Historical perspective of sysadmins # Please consider adding local content in /etc/sudoers.d/ instead of ![]() # This file MUST be edited with the 'visudo' command as root. Content of /etc/sudoers or visudo should look like this: # If you are not allowed sudo command at all you may need an external live-usb to recover. If you can login as root on rescue mode, you can easily change file permission with chmod 440 /etc/sudoers command. Where -r-r- part shows your permission to be 440 anything other than that should be changed to that as far as I know. Just do ls -l /etc | grep sudoers and see if the output is somthing like this: -r-r- 1 root root 574 20:34 sudoers Apart from that check if the file permission part is correct. ![]() First of all if you haven't touched sudo or changed anything on /etc then its just your fear and you should read what Sergey has to say.
0 Comments
Leave a Reply. |