 sudo in a terminal |
|
| Developer(s) | Todd C. Miller |
|---|---|
| Stable release | 1.7.1 / April 18, 2009 |
| Operating system | Unix-like |
| Type | Privilege authorization |
| License | ISC-style[1] |
| Website | http://www.sudo.ws/ |
The sudo (“su do”, /ˈsuːduː/, though /ˈsuːdoʊ/ is also common, as is /ɛsjuːˈduː/) command is a program for some Unix and Unix-like computer operating systems that allows users to run programs with the security privileges of another user (normally the superuser, a.k.a. root). It is similar to the Windows command runas. By default, sudo will prompt for a user password but it may be configured to require the root password, or require it only once per pseudo terminal, or no password at all.[2] Sudo is able to log each command run and in some cases has completely supplanted the superuser login for administrative tasks, most notably in Ubuntu Linux and Apple's Mac OS X.[3][4]
The program was originally written by Bob Coggeshall and Cliff Spencer "around 1980" at the Department of Computer Science at SUNY/Buffalo. The current version is under active development and is maintained by OpenBSD developer Todd C. Miller and distributed under a BSD-style license.[5]
Contents |
Design
Before running a command with sudo, users typically supply their password. Once authenticated, and if the /etc/sudoers configuration file permits the user access, then the command is run. There exist several graphical frontends for use in a GUI environment, notably kdesu, kdesudo, gksu, and gksudo; Mac OS X also has the "authorization services", a GUI equivalent to sudo. By default the user's password can be retained through a grace period, allowing the user to execute several successive commands as root without having to provide the password again.
The following is an example where the user is denied access:
snorri@rimu:~$ sudo vi /etc/resolv.conf
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Password:
snorri is not in the sudoers file. This incident will be reported.
snorri@rimu:~$
Below is the log of this failed attempt, then a later successful one, after snorri has been added to /etc/sudoers:
snorri@rimu:~$ sudo tail /var/log/auth.log Aug 5 06:00:28 localhost sudo: snorri : user NOT in sudoers ; TTY=pts/1 ; PWD =/home/snorri ; USER=root ; COMMAND=/usr/bin/vi /etc/resolv.conf Aug 5 06:01:15 localhost su[15573]: (pam_unix) session opened for user root by snorri(uid=1000) Aug 5 06:02:09 localhost sudo: snorri : TTY=pts/1 ; PWD=/home/snorri ; USER=root ; COMMAND=/usr/bin/vi /etc/resolv.conf Aug 5 06:02:49 localhost sudo: snorri : TTY=pts/1 ; PWD=/home/snorri ; USER=root ; COMMAND=/usr/bin/tail /var/log/auth.log
See also
- Comparison of privilege authorization features
- setuid
- su
- Sudosh
- sysctl
- User Account Control
- runas
- App Runner
References
- ^ Sudo License
- ^ "Manpage for sudo". http://www.gratisoft.us/sudo/man/sudo.html. Retrieved on 2007-11-04.
- ^ RootSudo - Community Ubuntu Documentation
- ^ MacDevCenter.com - Top Ten Mac OS X Tips for Unix Geeks
- ^ Miller, Todd C. "A Brief History of Sudo". http://www.gratisoft.us/sudo/history.html. Retrieved on 2007-03-05.
External links
- The sudo homepage
- rootsh and sudosh, sudo wrappers for logging
- Sudo Fun, a brief guide to sudo on the Mac OS X
|
||||||||||||||||||||||||||
This entry is from Wikipedia, the leading user-contributed encyclopedia. It may not have been reviewed by professional editors (see full disclaimer)
