Leverage Ubuntu’s default sudo installation to allow fine-grained control over privileged access.
If you have used a number of different Linux distributions in the past, one surprising thing you’ll notice the first time you use Ubuntu is that it disables the root account. For most other distributions, the installer prompts you for root’s password, and when you need to get work done as root, you log in or use the su command to become root, and type in root’s password. Since Ubuntu’s root user has no password by default, you must use the sudo command to run commands as root. sudo sets up a way to allow access to root or other user accounts with fine-grained controls over what a person can do as that user. Plus the way sudo works is that it prompts you for your password, not that of the other user you want to switch to. This allows an administrator the ability to grant particular types of root access to users on the system without them all knowing the root password.
The default sudo configuration in Ubuntu is pretty basic and can be found in the /etc/sudoers file.
Note that you must never edit this file using a standard text editor. You must use the visudo tool.
visudo is required because it will perform extra validation on the sudoers file before you close it to make sure there aren’t any syntax errors. This is crucial because a syntax error in a sudoers file could lock out all of the users on your system. Here are the roles defined in the default Ubuntu /etc/sudoersfile:
# User privilege specification
root ALL=(ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
The first rule allows root to use sudo to become any other user on the system, and the second rule allows anyone who is a member of the admin group to run any command as root. So when you want to run a command as root on a default Ubuntu system, type sudo followed by the command to run.
For instance if you wanted to run apt-get update as root, you would type:
$ sudo apt-get update