Linux security: What is sudo and why is it so important?
Back in the early days of Linux, things were exponentially more complicated. The distributions were far less mature, but they also required the use of a particular system account to get certain things done. That account was root, and with it, you had unlimited power over your operating system.
Also: This official Ubuntu Spin might be just be the perfect intro to Linux
To demonstrate the power of the root account, one trick you could always play on unsuspecting users was to tell them to change to the root user with the su command and then have them issue the following:
rm -rf /
The rm command is used to delete files and folders. In conjunction with r (recursive) and f (force), you would delete everything from the root folder (/), thus rendering your system unusable.
Also: Can't remember the Linux command you ran earlier? Let history repeat itself
Back then, any command that required administrative privileges was run via the root user. In order to do that, you either had to change to the root user (with the su command) or log in as the root user. Both of these options were eventually considered a security issue. Why? If you logged in as the root user and walked away from your system, anyone could do anything they wanted to it. The same thing holds true with changing to the root user and leaving a terminal window open.
Of course, it's much more complicated than that. Having access to the root user meant if a hacker gained access to your system, they could then change to the root user and wreck havoc on the machine.
Eventually, it was decided something had to give. Out of that need, sudo was born. Sudo stands for "superuser do" and effectively gives a regular user (one that belongs to the admin group) access to administrator-like powers. This solved two problems:
- The root user could be deactivated (so it couldn't be as easily leveraged).
- Only users in the admin group (more on this in a bit) could run administrative tasks.
This was a significant step forward for Linux, one that not only bolstered the security of the system but also made it easier for users.
Also: The best Linux distros for beginners
With sudo in place, users no longer had to change to the root user or log into that account to run administrative commands (such as installing software). Users could run those admin activities through sudo with the same effect as if they were run from the root user account. On top of that, it offered better control over who could do what on any given system. When attempting to run a command that required admin privileges, a user only had to type their user password (also called their sudo password) and the command would go off without a hitch (so long as it was run properly).
For example, instead of having to first change to the root user with su and then issuing the update/upgrade commands on a Ubuntu-based distribution, you could simply issue the commands:
sudo apt-get update sudo apt-get upgrade -y
By running apt-get through sudo, the user is granted temporary admin privileges and can successfully issue those commands.
What about users not in the admin group?
With regards to the basics of using sudo, any user that you want to grant access to that particular power has to be a member of the admin group for that distribution. For example, on Ubuntu-based distributions, that group is sudo, whereas, on Red Hat-based distributions, that group is called wheel.
Also: How to permanently mount a drive in Linux (and why you should)
If you have a user that isn't a member of the admin group when they attempt to run a command with sudo, they'll see something like this:
olivia is not in the sudoers file. This incident will be reported.
How do you fix that? You add them to the admin group. So, for a Ubuntu-based distribution, the command to add a user to the admin group would be:
sudo usermod -aG sudo USER
Where USER is the username in question.
On a Red Hat-based distribution (such as Fedora), that command would be:
sudo usermod -aG wheel USER
Where USER is the username in question.
After running the command, the user would then either have to log out and log back in, or make the system aware of the changes with the command:
newgrp
Once a user has been added to the admin group, they can use sudo to run commands that require admin privileges.
Also: The best Linux laptops for consumers and developers
Sudo has made Linux not only more secure but also more user-friendly. No longer having to change to (or log into) the root user account avoids a number of serious security pitfalls and allows you to manage user access to admin tasks.