Limit Permissions with sudo

Limit Permissions with sudo

Sep 5, 2012

Leverage Ubuntu’s default sudo installation to allow fine-grained control over privileged access.
If you have used a number of different Linux distributions in the past, one surprising thing you’ll notice the first time you use Ubuntu is that it disables the root account. For most other distributions, the installer prompts you for root’s password, and when you need to get work done as root, you log in or use theĀ  su command to become root, and type in root’s password. Since Ubuntu’s root user has no password by default, you must use the sudo command to run commands as root. sudo sets up a way to allow access to root or other user accounts with fine-grained controls over what a person can do as that user. Plus the way sudo works is that it prompts you for your password, not that of the other user you want to switch to. This allows an administrator the ability to grant particular types of root access to users on the system without them all knowing the root password.

The default sudo configuration in Ubuntu is pretty basic and can be found in the /etc/sudoers file.
Note that you must never edit this file using a standard text editor. You must use the visudo tool.
visudo is required because it will perform extra validation on the sudoers file before you close it to make sure there aren’t any syntax errors. This is crucial because a syntax error in a sudoers file could lock out all of the users on your system. Here are the roles defined in the default Ubuntu /etc/sudoersfile:

# User privilege specification
root ALL=(ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

The first rule allows root to use sudo to become any other user on the system, and the second rule allows anyone who is a member of the admin group to run any command as root. So when you want to run a command as root on a default Ubuntu system, type sudo followed by the command to run.
For instance if you wanted to run apt-getĀ  update as root, you would type:

$ sudo apt-get update

 

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>