Sudo

From SaruWiki
Revision as of 21:58, 23 May 2008 by Saruman!

Sudo (Super User Do) is your friend in many cases where security is involved. It is perhaps best described with this picture:
Make me a sandwich. - What? Make it yourself. - Sudo make me a sandwich. - Okay.
So what does this command sudo do? In short, it allows a user to run a command with the security privileges of a different user. It is most often used to run programs that require root privileges, while the user himself is not logged in as root.

To install sudo on a freshly installed server, you have to be root, so either log in at the console as root, or log in with your user account and then run the command su -. The minus after su makes you inherit the whole profile of the superuser (root). If you now type whoami, you'll see that the system believes you really are root.
With the superpowers of root, you can now install the sudo package by invoking APT as follows:

apt-get install sudo

After this command installs the sudo package for you, you can configure it by editing the newly appeared file /etc/sudoers. It is possible to edit the sudoers file with any editor (if you're root), but you had better use visudo. This command by default invokes vi as the editor (actually, Vim on Debian), and makes sure you don't screw up the sudoers file while editing it. If you try to save the file with a syntax error in it, visudo will warn you about the error and ask whether you want to exit without saving, go back and fix the error, or save the file with the error in it anyway. That last option is dangerous: if visudo believes there is a syntax error, then so will sudo, so it won't run, and nobody on this system can use sudo until the syntax error is fixed.
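The same protection can be applied when a sudoers file is prepared elsewhere and copied into place instead of being edited interactively. The following is an added example, not part of the original wiki page: it uses visudo's check-only mode (visudo -c -f FILE) to refuse a file with a syntax error. The function name safe_install_sudoers and the VISUDO_CHECK override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: replace a sudoers file only if the new version passes
# visudo's syntax check, so a typo can never lock everybody out of sudo.
#
# VISUDO_CHECK is a hypothetical hook that lets the checker be swapped out
# (for instance in a test); by default the real "visudo -c -f FILE" is used.
: "${VISUDO_CHECK:=visudo -c -f}"

# safe_install_sudoers CANDIDATE TARGET
#   Returns 0 and replaces TARGET when CANDIDATE is syntactically valid.
#   Returns 1 and leaves TARGET untouched otherwise.
safe_install_sudoers() {
    candidate=$1
    target=$2

    [ -r "$candidate" ] || { echo "cannot read $candidate" >&2; return 1; }

    # Stage a copy next to the target so the final mv is an atomic rename
    # on the same filesystem; sudo never sees a half-written file.
    staged=$(mktemp "$(dirname "$target")/.sudoers.XXXXXX") || return 1

    # sudoers files are expected to be mode 0440 (read-only, owner and group).
    cp "$candidate" "$staged" && chmod 0440 "$staged" || {
        rm -f "$staged"
        return 1
    }

    # Check the staged copy, not the live file. A non-zero exit status means
    # the parser rejected it, and sudo would reject it as well.
    if ! $VISUDO_CHECK "$staged" >/dev/null 2>&1; then
        echo "syntax check failed; $target left unchanged" >&2
        rm -f "$staged"
        return 1
    fi

    mv -f "$staged" "$target"
}

# Typical use, as root:
#   safe_install_sudoers ./sudoers.new /etc/sudoers
```

Run it as root so that the installed file ends up owned by root, which sudo requires.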

We strongly encourage you NOT to log in as root if it can be avoided at all, and sudo helps you a lot with that. Most of the time, you're administering your system by just looking at all kinds of files, mostly logfiles. These are often world-readable, so you don't have to be root to read them anyway.