未加星标

A beginner's guide to understanding sudo on Ubuntu

字体大小 | |
[系统(linux) 所属分类 系统(linux) | 发布者 店小二03 | 时间 2017 | 作者 红领巾 ] 0人收藏点击收藏

Ever got a 'Permission denied' error while working on the linux command line? Chances are that you were trying to perform an operation that requires root permissions. For example, the following screenshot shows the error being thrown when Iwas trying to copy a binary file to one of the system directories:


A beginner's guide to understanding sudo on Ubuntu

So what's the solution to this problem? Simple, use the sudo command.


A beginner's guide to understanding sudo on Ubuntu

The user who is running the command will be prompted for their login password. Once the correct password is entered, the operation will be performed successfully.

While sudo is no doubt a must-know command for any and everyone who works on the command line in Linux, there are several other related (and in-depth) details that you should know in order to use the commandmore responsibly and effectively. And that's exactly what we'll be discussing here in this article.

But before we move ahead, it's worth mentioning that all the commands and instructions mentionedin this article have been tested on Ubuntu 14.04LTS with Bash shell version 4.3.11.

What is sudo?

The sudo command, as most of you might already know, is used to execute a command with elevated privileges(usually as root). An example of this we've already discussed in the introduction section above. However, if you want, you can use sudo to execute command as some other (non-root) user.

This is achieved through the -u command line option the tool provides. For example, in the example shown below, I (himanshu) tried renaming a file in some other user's (howtoforge) home directory, but got a 'permission denied' error. And then I tried the same 'mv' command with 'sudo -u howtoforge,' the command was successful:


A beginner's guide to understanding sudo on Ubuntu
Can any user use sudo?

No. For a user to be able to use sudo, an entry corresponding to that user should be in the /etc/sudoers file. The following paragraph - taken from Ubuntu's website - should make it more clear:

The /etc/sudoers file controls who can run what commands as what users on what machines and can also control special things such as whether you need a password for particular commands. The file is composed of aliases (basically variables) and user specifications (which control who can run what).

If you are using Ubuntu, it's easy to make sure that a user can run the sudo command: all you have to do is to make that user account type 'administrator'. This can be done by heading to System Settings... -> User Accounts.


A beginner's guide to understanding sudo on Ubuntu

Unlocking the window:


A beginner's guide to understanding sudo on Ubuntu

Then selecting the user whose account type you want to change, and then changing the type to ' administrator'


A beginner's guide to understanding sudo on Ubuntu

However, if you aren't on Ubuntu, or your distribution doesn't provide this feature, you can manually edit the /etc/sudoers file to make the change. You'll be required to add the following line in that file:

[user] ALL=(ALL:ALL) ALL Needless to say, [user] should be replaced by the user-nameof the accountyou're granting the sudo privilege. An important thing worth mentioning here is that the officially suggested method of editing this file is through the visudo command - all you have to do is to run the following command:

sudo visudo

To give you an idea why exactly is that the case, here's an excerpt from the visudo manual:

visudo edits the sudoers file in a safe fashion. visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the sudoers file is currently being edited you will receive a message to try again later.

For more information on visudo, head here .

What is a sudo session?

If you use the sudo command frequently, I am sure you'd have observed that afteryou successfully enter the password once, you can run multiple sudo commands without being prompted for the password. But after sometime, the sudo command asks for your password again.

This behavior has nothing to do with the number of sudo-powered commands you run, but instead depends on time. Yes, by default, sudo won't ask for password for 15 minutes after the user has entered it once. Post these 15 minutes, you'll be prompted for password again.

However, if you want, you can change this behavior. For this, open the /etc/sudoers file using the following command:

sudo visudo

And then go to the line that reads:

Defaults env_reset
A beginner's guide to understanding sudo on Ubuntu

and add the following variable (highlighted in bold below) at the end of the line

Defaults env_reset,timestamp_timeout=[new-value] The [new-value] field should be replaced by the number of minutes you want your sudo session to last. For example, I used the value 40.
A beginner's guide to understanding sudo on Ubuntu

In case you want to get prompted for password every time you use the sudo command, then in that case you can assign the value '0' to this variable. And for those of you who want that their sudo session should never time out, you can assign the value '-1'.

Please note that using timestamp_timeout with value '-1' is strongly discouraged.

The sudo password

As you might have observed, whenever sudo prompts you for a password and you start entering it, nothing shows up - not even asterisks that's usually the norm. While that's not a big deal in general, some users may want to have the asterisks displayed for whatever reason.

The good thing is that's possible and pretty easy to do. All you have to do is to change the following line in /etc/sudoers file:

Defaults env_reset

to

Defaults env_reset,pwfeedback

And save the file.

Now, whenever you'll type the sudo password, asterisk will show up.


A beginner's guide to understanding sudo on Ubuntu
Some important sudo command line options

Aside from the -u command line option (which we've already discussed at the beginning of this tutorial), there are some other important sudo command line options that deserve a mention. In this section, we will discuss some of those.

The -k option

Consider a case where-in you've just run a sudo-powered command after entering your password. Now, as you already know, the sudo session remains active for 15-mins by default. Suppose during this session, you have to give someone access to your terminal, but you don't want them to be able to use sudo. What will you do?

Thankfully, there exists a command line option -k thatallows user to revoke sudo permission. Here's what the sudo man page has to say about this option:

-k, --reset-timestamp
When used without a command, invalidates the user's cached credentials. In other words, the next time sudo is run a password will be required. This option does not require a password and was added to allow a user to revoke sudo permissions from a .

本文系统(linux)相关术语:linux系统 鸟哥的linux私房菜 linux命令大全 linux操作系统

主题: UbuntuLinux
分页:12
转载请注明
本文标题:A beginner's guide to understanding sudo on Ubuntu
本站链接:http://www.codesec.net/view/533336.html
分享请点击:


1.凡CodeSecTeam转载的文章,均出自其它媒体或其他官网介绍,目的在于传递更多的信息,并不代表本站赞同其观点和其真实性负责;
2.转载的文章仅代表原创作者观点,与本站无关。其原创性以及文中陈述文字和内容未经本站证实,本站对该文以及其中全部或者部分内容、文字的真实性、完整性、及时性,不作出任何保证或承若;
3.如本站转载稿涉及版权等问题,请作者及时联系本站,我们会及时处理。
登录后可拥有收藏文章、关注作者等权限...
技术大类 技术大类 | 系统(linux) | 评论(0) | 阅读(61)