Now as an administrator of a Linux system, the sudo utility is a great way to manage user permissions with regards to access (especially with regard to applications). Say, for example, you have a specific executable file placed in /usr/sbin that you want your standard users to be able to use along with the ability to use the tools in the whole /usr/bin. Or say you have one specific user on your system that you want to give full administrative access to. This can all be done with the help of sudo. Let’s see how.

A quick intro

If you’re not familiar with sudo, let me give you a quick synopsis. The sudo tool allows you to effectively execute a command as a user with the security pirvileges of another user. Most often, as in Ubuntu, this allows a standard user to issue commands with administrative privileges. The basic command is issued like this:

sudo COMMAND

Where COMMAND is the command you want to run. You will then be prompted for your user password. Of course you don’t need to use sudo if you are running standard commands that do not require administrative privileges.

Sudo configuration

Sudo is configured with the help of a single file: /etc/sudoers. When you look at this file you will most likely be a bit tentative to make any changes. Fortunately the changes we are going to make are fairly basic. You do have to use sudo to make changes to the sudoers file. So to open this file with the nano editor you would issue the command:

sudo nano /etc/sudoers

and then give your user password.

Add a user for all administrative privileges

To add an already existing user to this file you would add a line in the main section. This “main” section can be found by searching for the root entry which looks like:

root ALL=(ALL)     ALL

Not only is that the line you are looking for, it is also the structure of the line you will add. Let’s say you want to add the user onichan to give her administrative rights with sudo. To do this the line would look like:

onichan     ALL=(ALL)     ALL

Now, there is one problem with adding a user like this. What a user can do is, effectively, gain access to the real, permanent root user and avoid all logging handle by sudo. So instead of the above, let’s give onichan permission to execute commands in specific directories. We’ll give her pemission to run commands in the following:

• /usr/sbin/
• /sbin

This entry will look like:

onichan ALL=/usr/sbin, /sbin

Now user onichan can execute commands in both /usr/sbin and /sbin using sudo and giving her user password.

Final thoughts

This only skims the surface of the power of sudo. We’ll cover many more aspects of this outstanding administrative tool in later articles. But at least now you can see how sudo works and how to add users. There are other aspects of sudo that I do not recommend employing (such as the NOPASSWD feature), but every system has unique needs.

Related posts

• Help, I Use Ubuntu and There’s No “su”! (4)
• Yoggie PICO Personal Mobile Security Computer (3)
• With Ubuntu 9.10 Arrives Wubi 9.10 (2)
• Widgets for Linux: SuperKaramba (6)
• Widgets for Linux: gDesklets (3)

Relax. Ubuntu was created so that “su” access wasn’t necessary. Instead Ubuntu employes the “sudo” utility which adds the standard user to the administrative group. Why did they do this? Simple. Ubuntu’s goal is to make their distribution the most user-friendly available. To that end the developers felt it necessary to “remove” the root user because the average user had little to no experience with such a beast. The average user certainly didn’t have to have “root” privileges to get around in the Windows operating system. Ubuntu figured this was the way to go. There were two ways around this – make the standard user a root user or just emply sudo and create an administrative group the standard user would belong to. Now the standard user could undertake admin tasks without having to understand the concept of a standard user versus a root user.

When you install Ubuntu you created a user and that user has a password. To handle most any “administrative” task all they have to do is use the “sudo” command so they can run commands as a different (in this case the administrative) user.

So if you want to issue a command that requires administrative access you would issue it by way of the sudo command like so:

sudo ADMIN_TASK

Where ADMIN_TASK is the actual administrative task you want to run. When you hit enter you will be asked for your password, at which point you will enter your standard user password.

But What About “su”?

I have run into instances where I have wanted to have actual root access. Although I don’t really recommend this (It is actually best to stick with the setup Ubuntu has created), you can create a root password by issuing the command:

sudo passwd root

When you press enter you will be prompted (twice) for a new password. Once you enter the password the second time your root password will be ready to use.

/etc/sudoers

The /etc/sudoers file is where you configure sudo. This file shouldn’t really be monkied with as the default should work perfectly for you. There is one particular line you should definitely avoid (of course I have to point it out so you will know which one to avoid.) Take a look at this line:

# %sudo ALL=NOPASSWD: ALL

You probably have a good guess as to what that line would do if it were uncommented. Allow the sudo user access to root privileges without having to use a password. This should remain commented out so this option isn’t available.

Final Thoughts

The Ubuntu distribution has created one of the most user-friendly setups in Linux land. Taking advantage of sudo is one of the many ways Ubuntu achieves such a state. Understanding the sudo system will keep new Ubuntu users from pulling out their hair as they attempt to gain root privileges. New users? Nothing to see here…just go about your business. ;-)

Related posts

• With Ubuntu 9.10 Arrives Wubi 9.10 (2)
• Why you should switch your parents pc to ubuntu (20)
• Which Ubuntu Derivative Is Right For You? (16)
• What makes Ubuntu so user friendly? (47)
• Use SoundJuicer to rip mp3 directly in Linux (4)

An owner of a computer surely wants to install software on it even if he is running as a limited user. This is where the problem starts. The Run As command can be used to run applications as a different user. The major problem is that you have to provide the username and password for that user to be able to run the selected application. This data can be easily logged by a keylogger.

Surun uses its own Windows service that adds the user to the group of administrators during program start and removes him automatically from that group again. The user, not the administrator, will be asked on a secure desktop that only services may access if he wants to run the program and if he confirms that the application will be started. Programs are started with a right-click and the selection of Run as Administrator.

Surun comes with lots of settings and a huge configuration. Each application that was once started with Surun can be added to a list of applications that are started without the prompt from then on.

Related posts

• Update Windows without Microsoft (5)
• Drop my Rights for increased security (1)
• Yahoo Widget Position Restorer (1)
• XP SP3 and Vista SP 1 available through Windows Update (6)
• Windows Vista Critics Love Windows Mojave (44)