sudo

Leave a reply

So one day, Tony Stark noticed a wasp in his lab.  He could put on the whole suit to kill it, or he could just put on the glove.  The whole suit is overkill, right?  Just one glove would take care of the whole thing.  There’s a similar idea in Linux®.  Using su to get root powers is overkill, the ‘just enough’ command is sudo.

Glove vs Wasp

Iron Man’s Glove vs Wasp

sudo lets you execute a command as another user.  You can be root, you can be tonystark, batman, spock… you can be anyone you want, but you have to be given the power.  You can’t just walk up to the computer terminal and say ‘today, I’ll be batman, Batman’s user name.  I’ll do whatever batman can do on this Linux® system because sudo will let me’.

That’s kind of like putting on Batman’s suit and declaring yourself Batman.  It doesn’t work like that… though I wouldn’t mind being Batman for a day and driving around in the Batmobile.  That thing looks awesome.

Once you’re given permissions, you execute the commands like this:

Alpha:~ computerlamp$ sudo -u batman vi plans

If I have the permissions to do it, I can edit the plans file as batman.  I’m hoping it contains the plans for how to stop the Riddler.  Riddles aren’t my thing.

Anyway, how do you know what commands you have?  Well, there’s a flag for that!  (The other Linux® motto.)

Alpha:~ computerlamp$ sudo -l
Matching Defaults entries for computerlamp on Alpha:
    env_reset, env_keep+=BLOCKSIZE, env_keep+="COLORFGBG COLORTERM",
    env_keep+=__CF_USER_TEXT_ENCODING, env_keep+="CHARSET LANG LANGUAGE LC_ALL LC_COLLATE
    LC_CTYPE", env_keep+="LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME", env_keep+="LINES
    COLUMNS", env_keep+=LSCOLORS, env_keep+=SSH_AUTH_SOCK, env_keep+=TZ, env_keep+="DISPLAY
    XAUTHORIZATION XAUTHORITY", env_keep+="EDITOR VISUAL", env_keep+="HOME MAIL",
    lecture_file=/etc/sudo_lecture

User computerlamp may run the following commands on Alpha:
    (ALL) ALL

So the first part of that response we’ll talk about another time.  It’s the last line that’s the most interesting.  It says that I can run all commands on Alpha.  Every single one!

So why do I use sudo rather than su?  Well, it’s to keep myself from making mistakes. If I have to think about each command before I use it, then I’ll be more careful.

Remember, for both sudo and su, it’s like Spiderman’s Uncle Ben said.

Spiderman!

With great power comes great responsibility!

Leave a Reply

Your email address will not be published. Required fields are marked *