How sudo command works?

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read this

How sudo command works?

Postby manjibu on Thu Oct 25, 2012 2:17 am

I just installed linux mint debian. When I run sudo command, it asked my current password, I thought it should ask root password instead. For example, I want to restart postgresql service:

Code: Select all
sudo service postgresql restart


Then it asked my current user's password instead of root's password. Why is it like that? In my experience in other distro, it's not like that.

Btw, I apologize if my question is too n00b.


Thx & Regards,
manjibu
manjibu
Level 1
Level 1
 
Posts: 5
Joined: Thu Oct 25, 2012 1:34 am

Linux Mint is funded by ads and donations.
 

Re: How sudo command works?

Postby lime795 on Thu Oct 25, 2012 2:22 am

Sudo works like the admin account in most windows versions but different. It gives you higher access then being a regular user like windows, hence asking for your user password. but sudo always uses the user password because sudo itself doesnt have its own password.

Hope this helps.
lime795
Level 1
Level 1
 
Posts: 9
Joined: Mon Mar 26, 2012 2:07 pm

Re: How sudo command works?

Postby manjibu on Thu Oct 25, 2012 2:40 am

Isn't it unsafe to ask for same user password? I'm not techies, but I just think like this: if a hacker managed to know a user password, that means he can perform root level activity with sudo. But if sudo needs root password, as long the hacker doesn't know root password, the system will be much safer.
manjibu
Level 1
Level 1
 
Posts: 5
Joined: Thu Oct 25, 2012 1:34 am

Re: How sudo command works?

Postby eanfrid on Thu Oct 25, 2012 3:33 am

sudo is designed to offer various spans of user privileges. A sudo user may have limited access to some list of commands or machines or whatever. It is much more smarter than granting full root access when it is not really needed. However, yes, if your sudo-user account is granted ALL access, then you indeed own an alternate root account when you use sudo. But the rest of the time, your account is nothing more than a common user account. Compared to true root access, it is slightly different since your hacker would have to guess what is your user account - instead of simply trying "root" (security by obscurity) - and would have to use the sudo command to enable these privileges.

I think your fear resides in your own password strength and how you protect use of this password. Trying to crack any user password don't make a difference between either a root account or a user account. Then
if a hacker managed to know a user password
is not relevant. Cracked, given or stolen don't make a difference for this matter.
Main desktop: Debian GNU/Linux Wheezy 64bit w/custom 3.14 longterm kernel - MATE 1.8.1
(i5 2400@3.7GHz - 16GB DDR3 - HD6770 w/radeon driver - SSD+RAID1)
True private storage on SpiderOak
User avatar
eanfrid
Level 7
Level 7
 
Posts: 1841
Joined: Mon Apr 30, 2012 2:49 am
Location: FR

Re: How sudo command works?

Postby manjibu on Thu Oct 25, 2012 4:59 am

When first time installing linux mint, I don't remember it ever asked me to set password for root. So, when I run su command like this: su -c "service postgresql restart", the system only asked my current user password. So, could that mean root doesn't has password at all? or root's password was set as same as my current user's password? If bad hacker know my user name and password, that would be pretty screwed up, isn't it?
manjibu
Level 1
Level 1
 
Posts: 5
Joined: Thu Oct 25, 2012 1:34 am

Re: How sudo command works?

Postby eanfrid on Thu Oct 25, 2012 5:01 am

The root account is disabled. I thought that I made it clear
If bad hacker know my user name and password
is no easier job than knowing root password unless you typed a weak user password and/or gave it to anyone but you. BTW I use a very strong user password (even stronger than root password if I would have to temporarily enable root account for some obscure reason) and use sudo everyday.
Main desktop: Debian GNU/Linux Wheezy 64bit w/custom 3.14 longterm kernel - MATE 1.8.1
(i5 2400@3.7GHz - 16GB DDR3 - HD6770 w/radeon driver - SSD+RAID1)
True private storage on SpiderOak
User avatar
eanfrid
Level 7
Level 7
 
Posts: 1841
Joined: Mon Apr 30, 2012 2:49 am
Location: FR

Re: How sudo command works?

Postby xenopeek on Thu Oct 25, 2012 6:19 am

The root account is not disabled, and IIRC its password is set to the initial password of the user created during installation of Linux Mint. You can try by pressing Ctrl+Alt+F1 to go to the virtual console, and logging in there with username "root" and that password. (You can return to the graphical desktop with Ctrl+Alt+F7, sometimes Ctrl+Alt+F8.)

sudo requires your password, but you can change the sudo configuration if you want so it requires the root password. As shared, this is not in any way more or less secure. If somebody manages to get remote access to your machine, you're already in trouble.

If you want to disregard all that has been said, and want to change sudo so it requires the root password, proceed as follows. Open a terminal and run the following command, providing your password when asked:
Code: Select all
sudo visudo

Then beneath the other Defaults line add:
Code: Select all
Defaults rootpw

Save & close the file and henceforth sudo will require the root password instead of your own. Don't forget your root password...
User avatar
xenopeek
Level 21
Level 21
 
Posts: 14852
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: How sudo command works?

Postby eanfrid on Thu Oct 25, 2012 6:44 am

Oops ! So I disabled the root account :) Hence you also have the choice between entering a harder (or at least different) user password than root password or completely disabling the root account.
Main desktop: Debian GNU/Linux Wheezy 64bit w/custom 3.14 longterm kernel - MATE 1.8.1
(i5 2400@3.7GHz - 16GB DDR3 - HD6770 w/radeon driver - SSD+RAID1)
True private storage on SpiderOak
User avatar
eanfrid
Level 7
Level 7
 
Posts: 1841
Joined: Mon Apr 30, 2012 2:49 am
Location: FR

Re: How sudo command works?

Postby elemenophee on Mon Oct 29, 2012 10:02 am

If I'm not mistaken, installation asks you for both root and user password.

Maybe I'm wrong... I've installed many systems these last days.

Sent through Tapatalk
elemenophee
Level 1
Level 1
 
Posts: 25
Joined: Tue Oct 16, 2012 4:23 am

Re: How sudo command works?

Postby xenopeek on Mon Oct 29, 2012 12:21 pm

elemenophee wrote:If I'm not mistaken, installation asks you for both root and user password.

It doesn't.
User avatar
xenopeek
Level 21
Level 21
 
Posts: 14852
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: How sudo command works?

Postby DrHu on Mon Oct 29, 2012 1:05 pm

If the application you are using is entirely local to your account and no-one else is logging into the system, then security of the admin user may not be much of an issue; however if there is more than one user and you are the admin (first user created with the install), then a strong password/passphrase is a good idea

For sudo and other applications, such as your DB, being concerned or at least checking the issues in security of the same is also a good idea

sudo..
https://en.wikipedia.org/wiki/Sudo

https://en.wikipedia.org/wiki/Compariso ... n_features
    Impact
    In some cases sudo has completely supplanted the superuser login for administrative tasks, most notably in Linux distributions, such as Fedora and Ubuntu, as well as Apple's Mac OS X.[10][11]
User avatar
DrHu
Level 16
Level 16
 
Posts: 6796
Joined: Wed Jun 17, 2009 8:20 pm

Linux Mint is funded by ads and donations.
 

Return to Newbie Questions

Who is online

Users browsing this forum: No registered users and 3 guests