sudo

sudo

sudo in a terminal
Developer(s) Todd C. Miller
Operating system Unix-like
Type Privilege authorization
License ISC-style[1]
Website www.sudo.ws

sudo ( /ˈsd/[2] or /ˈsd/) is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user (normally the superuser, or root). Its name is a concatenation of the su command (which grants the user a shell of another user, normally the superuser) and "do", or take action.

Unlike the su command, users typically supply their own password to sudo rather than the root password. After authentication, and if the /etc/sudoers configuration file permits the user access, then the system will invoke the requested command.

Contents

History

The program was originally written by Bob Coggeshall and Cliff Spencer "around 1980" at the Department of Computer Science at SUNY/Buffalo. The current version is under active development and is maintained by OpenBSD developer Todd C. Miller and distributed under a BSD-style license.[3]

In November 2009 Thomas Claburn, in response to fears that Microsoft had patented the sudo command,[4] found the suspicions to be overblown.[5] The claims were narrowly framed to a particular GUI, rather than to the sudo concept.[6]

Design

Unlike the su command, users typically supply their own password to sudo. After authentication, and if the /etc/sudoers configuration file permits the user access, then the system will invoke the requested command. By default the user's password can be retained through a grace period (15 minutes per pseudo terminal), allowing the user to execute several successive commands as the requested user without having to provide a password again.

sudo is able to log each command run. Where a user attempts to invoke sudo without being listed in the sudoers file an error is presented to the user indicating that the attempt has been recorded in the system log.

Configuration

The /etc/sudoers file allows listed users access to execute a subset of commands while having the privileges of the root user.

sudo may be configured to require the root password, or no password at all.[7]

Impact

In some cases sudo has completely supplanted the superuser login for administrative tasks, most notably in Linux distributions, such as Fedora and Ubuntu, as well as Apple's Mac OS X.[8][9]

Tools and similar programs

visudo is a command-line utility that allows editing of the /etc/sudoers file in a safe fashion. It opens /etc/sudoers using the vi editor's interface, prevents multiple simultaneous edits with locks, performs sanity checks and checks for parse errors.[10]

There exist several graphical frontends for use in a GUI environment, notably kdesudo, and gksudo; Mac OS X also has Authorization Services.[11]

The runas command provides similar functionality on Microsoft Windows.

See also

References

  1. ^ Todd C. Miller (2011-06-17). "Sudo License". Sudo.ws. http://www.sudo.ws/sudo/license.html. Retrieved 2011-11-17. 
  2. ^ Miller, Todd C. "Troubleshooting tips and FAQ for Sudo". http://sudo.ws/sudo/troubleshooting.html. Retrieved 2009-11-20. 
  3. ^ Miller, Todd C. "A Brief History of Sudo". http://www.gratisoft.us/sudo/history.html. Retrieved 2007-03-05. 
  4. ^ Lilly, Paul. "Microsoft has Patented "sudo." Yes, the Command". http://www.maximumpc.com/article/news/microsoft_has_patented_sudo_yes_command. Retrieved 2009-11-13. 
  5. ^ Thomas, Claburn (2009-11-16). "Does New Microsoft Patent Infringe On Unix Program Sudo? Some in the open source community suspicious of Microsoft's intent". Dark Reading. http://www.darkreading.com/security/security-management/221800112/index.html. Retrieved 2010-11-29. "A patent granted to Microsoft (NSDQ: MSFT) has stirred up worry that world's largest software company wants to claim Unix's "sudo" as its own. [...] In short, suspicions about this patent are overblown." 
  6. ^ Eaton, Nick "Did Microsoft just sneakily patent an open-source tool?", seattlepi.com, November 12, 2009, accessed April 24, 2011.
  7. ^ "Manpage for sudo". http://www.gratisoft.us/sudo/man/sudo.html. Retrieved 2007-11-04. 
  8. ^ "RootSudo". Community Ubuntu Documentation. Help.ubuntu.com. 2011-11-08. https://help.ubuntu.com/community/RootSudo. Retrieved 2011-11-17. 
  9. ^ "Top Ten Mac OS X Tips for Unix Geeks". MacDevCenter.com. http://www.macdevcenter.com/pub/a/mac/2002/10/22/macforunix.html. Retrieved 2011-11-17. 
  10. ^ Todd C. Miller (2011-06-17). "Visudo Manual". Gratisoft.us. http://www.gratisoft.us/sudo/man/visudo.html. Retrieved 2011-11-17. 
  11. ^ "Introduction to Authorization Services Programming Guide". Developer.apple.com. http://developer.apple.com/mac/library/documentation/Security/Conceptual/authorization_concepts/01introduction/introduction.html. Retrieved 2011-11-17. 

External links

File system
cat · cd · chmod · chown · chgrp · cksum · cmp · cp · dd · du · df · file · fsck · fuser · ln · ls · lsattr · lsof · mkdir · mount · mv · pax · pwd · rm · rmdir · size · split · tee · touch · type · umask
Processes
at · bg · chroot · cron · kill · killall · nice · pgrep · pidof · pkill · ps · pstree · time · top
User environment
clear · env · exit · finger · history · id · logname · mesg · passwd · su · sudo · uptime · talk · tput · uname · w · wall · who · whoami · write
Text processing
awk · banner · basename · comm · csplit · cut · dirname · ed · ex · fmt · head · iconv · join · less · more · paste · sed · sort · spell · strings · tail · tr · uniq · vi · wc · xargs
Shell builtins
alias · echo · expr · printf · sleep · test · true and false · unset · wait · yes
Networking
dig · inetd · host · ifconfig · netstat · nslookup · ping · rdate · rlogin · netcat · ssh · traceroute
Searching
find · grep · locate · whatis · whereis · which
Documentation
apropos · help · info · man
Miscellaneous
bc · dc · cal · date · lp · lpr