Sudo and Root account in Ubuntu

Source: Internet
Author: User
Tags ldap
Article Title: Sudo is related to the Root account in Ubuntu. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

In Ubuntu, the traditional UNIX 'root' is blocked (that is, you cannot use root to log on). The reason for this is described later in this article.

  Quick answer

Run the command with the root permission and add the 'sudo' command before each command, for example, sudo chown bob *

You will be prompted to enter your password. The password will be saved for 15 minutes. After this time, you will need to re-enter your password

We recommend that you use sudo when using Ubuntu.

Start a root shell (for example, a window where you can run the root command) and use: sudo-s

Warning: sudo-s will not change the environment variables ($ HOME, $ PATH, etc.). It has some bad side effects. You can use sudo-I to initialize the entire root environment.

To enable the root account (that is, set a password), use: sudo passwd root

After use, shield the root account from using sudo passwd-l root.

This will lock the root account.

Root permission for the application on the image interface, use either of the following: gksudo [application] Or: kdesu [application]

In Ubuntu, kdesu has been replaced with sudo.

The opposite of sudo and gksudo/kdesu may cause File Ownership problems.

  Benefits of this model

The benefits of disabling root by default include.

At first, the Ubuntu team wanted the installation to be as simple as possible. Without root, the two user interaction steps during the installation could be omitted. (Colin? Watson)

Furthermore, if root is used during installation, the user will always remember the password they selected, even if they rarely use it. the Root password is often forgotten by users unfamiliar with the Unix security model. (Matt? Zimuman)

He prevents "I can do everything" by default when logging on. Before a major change occurs, you will be prompted to enter a password, which allows you to consider your results. if you log on as the root user, you can delete some "useless directories" without realizing that you are in the wrong directory. It was too late. he practiced "su-command-^ D" for a long time in Unix, instead of staying in the root shell-unless you do serious system maintenance (then you can still use "sudo su "). (Jim? Qita and Andrew? Sopala)

Sudo adds the log records for running commands (in/var/log/auth. log). If you are in trouble, you can always return and see the running commands. (Andrew? Zbikoski)

[NextPage]

  Security

Compared with the traditional superuser model, this method has different advantages and disadvantages. Both of them do not always show good results.

When the root permission is encouraged to execute an independent command, sudo is better than opening a shell:

Reduces the total time spent on using root permissions, and reduces the risk of not paying attention to using root to execute commands

Provides useful review traces

An independent root Password (traditional model) provides additional protection when an administrator's password is compromised.

In any case, if the administrator (using sudo or su to become root) is attacked, attackers can generally obtain the root user through an indirect attack.

Possible problems with the "sudo" Mode

Although the use of sudo on the desktop is advantageous, you still need to pay attention to some possible problems.

Some packages from universe will be effectively broken (such as webmin) or dangerous to use. A good work und is to activate the root account (sudo su-; passwd) and lock it (su-; passwd-l) before processing the affected package ).

Running the sudo command to redirect the output may cause new user problems (consider "sudo ls>/root/somefile "). the work und is to use "sudo sh-c 'ls>/root/somefile'" (but this replacement is very ugly) and use Adverbio, or simply use sudo-s to get the root shell and execute it there.

MattZimmerman: For most simple solutions, dd (1): ls | sudo dd of =/root/somefile

The only user in many office environment systems is root. all other users use NSS techniques such as nss-ldap import. install a workstation www.britepic.org or repair it. In this case, the network fails, causing nss-ldap to be disconnected and root to be used. this tends to leave the system unusable unless it is cracked.

JerryHaltom: Maybe a local account must be created in those cases: "admin" has sudo to root permissions.

LucasVignoliReis: I think this is a good idea. A sudoer System Administrator account and a common account are provided to other users.

  Misunderstanding

Does sudo have su security?

The basic security models are the same, so the two systems have the same primary weakness. all use of su or sudo must be a privileged user. if attackers damage the user's account, the next time the user does this, the attacker will also be able to obtain the root privilege. the user is a weak connection on this chain, so it must be carefully protected as the root user. at a deeper level, sudo provides different work skills, which will certainly affect system security. sudo is usually used to execute only a single command. When su is usually used to open a shell and execute multiple commands. sudo should minimize the possibility of opening the root shell when it leaves, and encourage users to reduce the root privilege.

I cannot enter single-user mode!

The sulogin program in Ubuntu is scheduled to be modified to process the locked root password.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.