Wednesday, 20 November 2019

How to Control sudo Access on Linux

A Linux terminal window on a Ubuntu-style desktop.
Fatmawati Achmad Zaenuri/Shutterstock

The sudo command lets you run commands on Linux as though you were someone else, such as rootsudo also lets you control who can access root's capabilities, with granularity. Give users full access or let them use a small subset of commands. We show you how.

sudo and Root Permissions

We’ve all heard (the oversimplification) that everything in Linux is a file. In truth, virtually everything in the operating system from processes, files, directories, sockets, and pipes talk to the kernel through a file descriptor. So although everything isn’t a file, most operating system objects are handled as though they were. Where possible, the design of Linux and Unix-like operating systems adhere to this principle.

The concept of “everything is a file” is far-reaching in Linux. It’s easy to see then, how file permissions in Linux became one of the mainstays of user privileges and rights. If you own a file or directory (a special kind of file), you can do what you like with it, including editing, renaming, moving, and deleting it. You can also set the permissions on the file so that other users or groups of users can read, modify, or execute the file. Everyone is governed by these permissions.

Everyone that is, apart from the superuser, known as root. The root account is a specially privileged account. It is not bound by the permissions on any of the objects in the operating system. The root user can do anything to anything and, pretty much, at any time.

Of course, anyone with access to root's password can do the same. They could wreak havoc either maliciously or accidentally. In fact, the root user can wreak havoc by making a mistake too. No one is infallible. It’s dangerous stuff.

This is why it is now considered best practice to not log in as root at all. Log in with a regular user account and use sudo to elevate your privileges for the short duration you need them. Often that is just to issue a single command.

RELATED: What Does "Everything Is a File" Mean in Linux?

The sudoers List

sudo was already installed on the Ubuntu 18.04.3, Manjaro 18.1.0, and Fedora 31 computers used to research this article. This is not a surprise. sudo has been around since the early 1980s and has become the standard means of superuser operation for almost all distributions.

When you install a modern distro, the user you create during the install is added to a list of users called sudoers. These are the users who can use the sudo command. Because you have sudo powers, you can use them to add other users to the list of sudoers.

Read the remaining 80 paragraphs



from How-To Geek https://ift.tt/2OsWq0G

No comments:

Post a Comment