Author Topic: What about "root" access and the "sudo" command?  (Read 9323 times)

Offline kendall

  • Administrator
  • Member
  • *****
  • Posts: 656
  • Karma: 133
  • Co-Founder
    • View Profile
What about "root" access and the "sudo" command?
« on: March 12, 2014, 03:48:39 pm »
In any UNIX-like operating system, including Linux, there are several different types of users with different permissions for different things. A regular user can only write to files in their home directory while they may be able to read and execute from other directories depending upon the specific permissions of those directories. Typically in most UNIX-like operating systems, there is a "root" user or "superuser" who has permission to read, write, and execute everything in the entire system. While this is certainly convenient for getting things done, it's also incredibly dangerous as any processes executed by the root user also have permission to read, write, and execute everything.

Part of what makes Linux and many other UNIX-like operating systems secure is that regular users do not have root user access and therefore can not severely damage any part of the system except for their home directory. There are, however, times when certain users may need to temporarily gain the privileges of a root user or another user for the sake of installing/removing things, updating things, or perhaps just general system maintenance.

Installed in Peppermint and most other modern UNIX-like operating systems is a program called sudo, which stands for Substitute User DO. The sudo program allows any user specified in its configuration to gain specific privileges of other users including the root user in most instances. Take for instance the following command:

Code: [Select]
apt-get upgrade
When the root user runs this command it runs with no problems and installs any available package updates from the software repositories. When a regular user runs this command it fails as it requires root access given that the command can affect the way the entire system works, rather than just the user's home directory. If a regular user with sudo permissions then tries to run the following:

Code: [Select]
sudo apt-get upgrade
The command will then prompt for the password associated with that user's sudo permissions and will then run as if the root user ran the command instead. It does this by substituting the user's privileges with those of the root user, hence the aforementioned name "substitute user do". The sudo command also allows you to substitute the privileges of other non-root users in order to access files and directories owned by them. As such simply putting "sudo" before a command implies that it's the root user you're trying to substitute privileges from and actually performs the same action as if you explicitly state the root user like in the following:

Code: [Select]
sudo -u root apt-get upgrade
So let's say for instance you're running an Apache web server and need to create a directory in the web root. The regular user doesn't have permission to create the directory and creating it with the root user will not give Apache's user (www-data) access to it either because something created by the root user can only be adjusted by the root user until specified otherwise. We can use sudo to assume the permissions of www-data to create the directory:

Code: [Select]
sudo -u www-data mkdir /var/www/testdirectory
Similarly a user with sudo permissions can often access any other user's privileges provided the appropriate sudo command and their sudo password.
Peppermint is powered by VPS.NET Cloud Servers.