sudo
Developer(s) | Todd C. Miller |
---|---|
Stable release | sudo 1.8.13 / March 21, 2015 |
Preview release | nothing / |
Written in | C |
Operating system | Unix-like |
Type | Privilege authorization |
License | ISC-style[1] |
Website | www |
sudo (/ˈsuːduː/[2] or /ˈsuːdoʊ/[2][3]), or super do, is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user (normally the superuser, or root).[4] Its name is a contraction of "substitute user do", meaning to do something as a different user (typically as root, the "superuser").[5]
Unlike the related su command, users typically supply their own password to sudo rather than the root password. After authentication, and if the /usr/local/etc/sudoers configuration file (sometimes found at /etc/sudoers) permits the user access, the system invokes the requested command. The sudoers configuration file is highly configurable, including but not limited to: enabling root commands only from the invoking terminal; requiring a password per user or group; requiring re-entry of a password every time or never requiring a password at all for a particular command line. It can also be configured to permit passing arguments or multiple commands, and even supports commands with regular expressions.
History
The program was originally written by Robert Coggeshall and Cliff Spencer "around 1980" at the Department of Computer Science at SUNY/Buffalo.[6] The current version is under active development and is maintained by OpenBSD developer Todd C. Miller and distributed under an ISC-style license.[6]
In November 2009 Thomas Claburn, in response to fears that Microsoft had patented the sudo command,[7] stated that such suspicions are overblown.[8] The claims were narrowly framed to a particular GUI, rather than to the sudo concept.[9]
Design
Unlike the su command, users typically supply their own password to sudo. After authentication, and if the configuration file permits the user access, then the system will invoke the requested command. By default the user's password can be retained through a grace period (15 minutes per pseudo terminal), allowing the user to execute several successive commands as the requested user without having to provide a password again.
sudo is able to log each command run. Where a user attempts to invoke sudo without being listed in the sudoers file, an error is presented to the user indicating that the attempt has been recorded in the system log.
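The logging described above can be reviewed programmatically. The following Python code is an added example, not part of the original article or of sudo itself: it parses entries in sudo's syslog format and counts denied attempts per invoking user. The sample lines, host names and users are constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample lines in sudo's syslog format (hosts, users, commands are made up).
SAMPLE_LOG = """\
Mar 21 10:15:02 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar 21 10:16:40 web01 sudo:  mallory : user NOT in sudoers ; TTY=pts/3 ; PWD=/tmp ; USER=root ; COMMAND=/bin/bash
Mar 21 10:17:05 web01 sudo:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/less /etc/shadow
Mar 21 10:18:11 web01 sudo:  mallory : command not allowed ; TTY=pts/3 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/vi /etc/sudoers
Mar 21 10:19:00 web01 sshd[812]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
"""

LINE_RE = re.compile(r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<body>.*)$")

def parse_sudo_line(line):
    """Return a dict for one sudo log entry, or None for unrelated lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # COMMAND is the last field and may itself contain " ; ", so cut it off first.
    head, _, command = m.group("body").partition(" ; COMMAND=")
    event = {"invoker": m.group("user"), "status": "allowed", "COMMAND": command}
    for part in head.split(" ; "):
        key, sep, value = part.partition("=")
        if sep and key.isupper():
            event[key] = value            # TTY, PWD, USER (the target account)
        else:
            event["status"] = part        # e.g. "user NOT in sudoers"
    return event

def denied_by_user(log_text):
    """Count sudo events that were not allowed, per invoking user."""
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_sudo_line(line)
        if event and event["status"] != "allowed":
            counts[event["invoker"]] += 1
    return counts

if __name__ == "__main__":
    for user, n in denied_by_user(SAMPLE_LOG).most_common():
        print(f"{user}: {n} denied sudo attempt(s)")
```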
Configuration
The /etc/sudoers file allows listed users access to execute a subset of commands while having the privileges of the root user.
sudo may be configured to require the root password, or no password at all.[10]
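To make these settings concrete, the following Python code (an added example, not from the original article or the sudo project) reads sudoers text and reports the entries that change how passwords are required: NOPASSWD tags, unrestricted ALL commands, and the Defaults options !authenticate, rootpw, targetpw, runaspw and timestamp_timeout. The sample policy is constructed, the severity labels are this example's own, and the parser assumes simple one-rule lines and does not follow #include directives.

```python
import re
# Constructed sudoers content; users, groups and command paths are made up.
SAMPLE_SUDOERS = """\
Defaults timestamp_timeout=-1
Defaults rootpw
Defaults:deploy !authenticate
Cmnd_Alias WEB = /usr/bin/systemctl restart nginx
alice   ALL=(ALL) ALL
%ops    ALL=(root) NOPASSWD: WEB
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, \\
                   ALL
# carol ALL=(ALL) NOPASSWD: ALL
"""

SPEC_RE = re.compile(r"^(\S+)\s+[^=]+=\s*(?:\([^)]*\))?\s*(.*)$")
TAG_RE = re.compile(r"^([A-Z_]+):\s*")

def audit_defaults(scope, options):
    for opt in (o.strip() for o in options.split(",")):   # one Defaults option each
        name, _, value = opt.partition("=")
        if opt == "!authenticate":
            yield ("high", scope, "no password required")
        elif opt in ("rootpw", "targetpw", "runaspw"):
            yield ("info", scope, opt + ": prompts for another account's password")
        elif name.strip() == "timestamp_timeout" and value.strip().startswith("-"):
            yield ("medium", scope, "cached credentials never expire")

def audit_spec(who, cmds):
    nopasswd = False                      # a tag carries over to later commands
    for item in (c.strip() for c in cmds.split(",")):
        while (m := TAG_RE.match(item)):
            nopasswd = {"NOPASSWD": True, "PASSWD": False}.get(m.group(1), nopasswd)
            item = item[m.end():]
        if nopasswd:
            yield ("high" if item == "ALL" else "medium", who, "NOPASSWD: " + item)
        elif item == "ALL":
            yield ("info", who, "any command, password required")

def audit_sudoers(text):
    """Return (severity, subject, detail) findings for a sudoers text."""
    findings = []
    for line in map(str.strip, text.replace("\\\n", " ").splitlines()):
        if not line or line.startswith("#") or re.match(r"\w+_Alias\s", line):
            continue                      # blank, comment or alias definition
        if (d := re.match(r"(Defaults\S*)\s+(.*)", line)):
            findings.extend(audit_defaults(d.group(1), d.group(2)))
        elif (m := SPEC_RE.match(line)):
            findings.extend(audit_spec(m.group(1), m.group(2)))
    return findings
```

Calling audit_sudoers(SAMPLE_SUDOERS) returns seven findings; the two rated high are the backup rule, which ends in NOPASSWD: ALL, and the Defaults:deploy !authenticate line.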
Impact
In some cases sudo has completely supplanted the superuser login for administrative tasks, most notably in some Linux distributions as well as Apple's Mac OS X.[11][12]
RBAC
In association with SELinux, sudo can be used to transition between roles in role-based access control (RBAC).[13]
Tools and similar programs
visudo is a command-line utility that allows editing of the /etc/sudoers file in a safe fashion. It opens /etc/sudoers using the vi editor's interface by default (although this can be changed by setting the shell's EDITOR environment variable to a different text editor), prevents multiple simultaneous edits with locks, performs sanity checks and checks for parse errors.[14]
The runas command provides similar functionality in Microsoft Windows, but it cannot pass current directories, environment variables or long command lines to the child. And while it supports running the child as another user, it does not support simple elevation. A true su and sudo for Windows that can pass all of that state information and start the child either elevated or as another user (or both) is included with Hamilton C shell.
There are several frontends to sudo for use in a GUI environment, notably kdesudo and gksudo. There are also user interfaces not directly built on sudo that provide similar temporary privilege elevation for administrative purposes, such as User Account Control in Microsoft Windows and Mac OS X Authorization Services.[15]
References
- [1] Todd C. Miller (2011-06-17). "Sudo License". Sudo.ws. Retrieved 2011-11-17.
- [2] Miller, Todd C. "Troubleshooting tips and FAQ for Sudo". Retrieved 2009-11-20.
- [3] "How do YOU pronounce "sudo"?". Ars Technica.
- [4] Cohen, Noam (May 26, 2008). "This Is Funny Only if You Know Unix". The New York Times. Retrieved April 9, 2012.
- [5] White, Kevin M. (2009). Mac OS X Support Essentials V10.6. Peachpit Press.
- [6] Miller, Todd C. "A Brief History of Sudo". Retrieved 2007-03-05.
- [7] Lilly, Paul. "Microsoft has Patented "sudo." Yes, the Command". Retrieved 2009-11-13.
- [8] Thomas, Claburn (2009-11-16). "Does New Microsoft Patent Infringe On Unix Program Sudo? Some in the open source community suspicious of Microsoft's intent". Dark Reading. Retrieved 2010-11-29. Quote: "A patent granted to Microsoft (NSDQ: MSFT) has stirred up worry that world's largest software company wants to claim Unix's "sudo" as its own. [...] In short, suspicions about this patent are overblown."
- [9] Eaton, Nick (November 12, 2009). "Did Microsoft just sneakily patent an open-source tool?". seattlepi.com. Retrieved April 24, 2011.
- [10] "Manpage for sudo". Retrieved 2007-11-04.
- [11] "RootSudo". Community Ubuntu Documentation. Help.ubuntu.com. 2011-11-08. Retrieved 2011-11-17.
- [12] "Top Ten Mac OS X Tips for Unix Geeks". MacDevCenter.com. Retrieved 2011-11-17.
- [13] "SELinux Lockdown Part Five: SELinux RBAC". Retrieved 2012-11-17.
- [14] Todd C. Miller (2011-06-17). "Visudo Manual". Gratisoft.us. Retrieved 2011-11-17.
- [15] "Introduction to Authorization Services Programming Guide". Developer.apple.com. Retrieved 2011-11-17.