Sudo command on Linux (privilege escalation)
The sudo command on Linux executes a given command as if it were run by another user. It is used on a daily basis in system administration tasks, mainly to escalate to root account privileges.
If the user who ran sudo is an ordinary user, they must know the password of the user who wishes to execute the command.
If the user who ran sudo is root, sudo will not ask for any user’s password, since root has superpowers.
Example:
EOT
In this example, the root user is sending an email as if they were the user “uira”.
Note that if an ordinary user tries to make sudo run a program with another user’s permissions, sudo will request the user’s password:
In this example, the user “uira” is trying to send an email as if they were the user “Carla”.
Sudo is useful when you want a process to run as a specific user, so that the file permissions are correct and the process works properly.
The su command
The su command executes the shell as if it were another user.
Example:
In this example, the user “uira” requests that the shell run as the “root” user. In this way, the user “uira” will gain all superuser account permissions in the system.
The “-” option causes the shell login scripts of the “root” account to be read, as if “root” were logging in to the system.
You can also specify a user, to run the shell as that user:
In this example, the root user will run the shell as if they were the user “uira”.
On more secure systems, the “root” user is never allowed to enter the system directly. Thus, users must log in with their access accounts and, if necessary, must execute superuser commands using “sudo” or accessing the root account with “su”.
To log in as root, you can use the command:
In this case, you need to know the root user’s password.
For this reason, when a user wants to gain root privileges, it is common to use the command:
So, if your user is in the group that has permission to run sudo in the /etc/sudoers file, you only need to re-authenticate with your own password, not the root user’s password. This authentication is just to confirm that you are yourself. Depending on the configuration, even this authentication is not required.
The sudoedit command
The sudoedit command is useful for editing files with the permissions of another user, especially root.
There are two situations in which sudoedit is useful:
The first is when the system administrator wishes to allow a particular user to edit a file for which that user does not have write permission (w), and the administrator does not want to give the user full “sudo” permissions.
The trick is to create a group of users that can run sudoedit, using the groupadd command:
And create a line in the /etc/sudoers file for the group, allowing the gruposudoedit group to execute the sudoedit command for the given file:
Once this is done, any user who is part of the gruposudoedit group can edit the file with the sudoedit command:
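The three steps above, written as one script. This is an added example, not the article's own commands: the target file /etc/example-app.conf is a placeholder, the drop-in path assumes that /etc/sudoers includes /etc/sudoers.d, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: let one group edit ONE file through sudoedit, without full sudo.
# GROUP is the group name used in the article; the paths below are assumptions.
set -eu

GROUP="gruposudoedit"
TARGET="/etc/example-app.conf"          # placeholder: the page does not name the file
DROPIN="/etc/sudoers.d/gruposudoedit"   # assumed drop-in location

# Print the sudoers rule for one file, refusing paths that would widen the grant.
render_rule() {
    group=$1
    file=$2
    case $file in
        /*) ;;   # sudoers rules should name an absolute path
        *)  echo "refusing relative path: $file" >&2; return 1 ;;
    esac
    case $file in
        # Anything outside a conservative character set (wildcards, spaces,
        # commas, backslashes) or any ".." component is rejected.
        *[!A-Za-z0-9/._-]*|*/../*|*/..)
            echo "refusing unsafe path: $file" >&2; return 1 ;;
    esac
    printf '%%%s ALL = sudoedit %s\n' "$group" "$file"
}

# Create the group, check the rule with visudo, then install it. Run as root.
install_rule() {
    tmp=$(mktemp)
    render_rule "$GROUP" "$TARGET" > "$tmp"
    getent group "$GROUP" >/dev/null || groupadd "$GROUP"
    visudo -cf "$tmp"                   # syntax check before the rule goes live
    install -o root -g root -m 0440 "$tmp" "$DROPIN"
    rm -f "$tmp"
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "--install" ]; then
    install_rule
    echo "members of $GROUP can now run: sudoedit $TARGET"
fi
```

Run it as root with --install; users added to the group afterwards (for example with usermod -aG) get the permission at their next login.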
The second most common situation is that the administrator needs to edit a system file, especially the configuration files in the /etc directory.
The administrator can use the “sudo vi” command to run the text editor “vi” as root, and edit the file:
It turns out that, run this way, “vi” will lose all the colored markings in the text:
The best thing to do in these cases is to use sudoedit, since it edits the file, saves a temporary copy, and only then copies the temporary copy to the original file.