Sudo
Encyclopedia
sudo is a programComputer program
A computer program is a sequence of instructions written to perform a specified task with a computer. A computer requires programs to function, typically executing the program's instructions in a central processor. The program has an executable form that the computer can use directly to execute...
for Unix-like
Unix-like
A Unix-like operating system is one that behaves in a manner similar to a Unix system, while not necessarily conforming to or being certified to any version of the Single UNIX Specification....
computer operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
s that allows users to run programs with the security privileges of another user (normally the superuser
Superuser
On many computer operating systems, the superuser is a special user account used for system administration. Depending on the operating system, the actual name of this account might be: root, administrator or supervisor....
, or root). Its name is a concatenation of the
suSu (Unix)The su command, also referred to as super user substitute user, spoof user, set user or switch user, allows a computer operator to change the current user account associated with the running virtual console....
command (which grants the user a shellShell (computing)
A shell is a piece of software that provides an interface for users of an operating system which provides access to the services of a kernel. However, the term is also applied very loosely to applications and may include any software that is "built around" a particular component, such as web...
for the superuser) and "do", or take action.
Unlike the
su command, users typically supply their own passwordPassword
A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource . The password should be kept secret from those not allowed access....
to
sudo rather than the root password. After authentication, and if the /etc/sudoers configuration file permits the user access, then the system will invoke the requested command.History
The program was originally written by Bob Coggeshall and Cliff Spencer "around 1980" at the Department of Computer ScienceComputer science
Computer science or computing science is the study of the theoretical foundations of information and computation and of practical techniques for their implementation and application in computer systems...
at SUNY/Buffalo
University at Buffalo, The State University of New York
University at Buffalo, The State University of New York, also commonly known as the University at Buffalo or UB, is a public research university and a "University Center" in the State University of New York system. The university was founded by Millard Fillmore in 1846. UB has multiple campuses...
. The current version is under active development and is maintained by OpenBSD
OpenBSD
OpenBSD is a Unix-like computer operating system descended from Berkeley Software Distribution , a Unix derivative developed at the University of California, Berkeley. It was forked from NetBSD by project leader Theo de Raadt in late 1995...
developer Todd C. Miller and distributed under a BSD-style license.
In November 2009, in response to fears that Microsoft
Microsoft
Microsoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions...
had patented the
sudo command, Thomas Claburn found the suspicions "overblown". The claimClaim (patent)
Patent claims are the part of a patent or patent application that defines the scope of protection granted by the patent. The claims define, in technical terms, the extent of the protection conferred by a patent, or the protection sought in a patent application...
s were narrowly framed to a particular GUI
Gui
Gui or guee is a generic term to refer to grilled dishes in Korean cuisine. These most commonly have meat or fish as their primary ingredient, but may in some cases also comprise grilled vegetables or other vegetarian ingredients. The term derives from the verb, "gupda" in Korean, which literally...
, rather than to the sudo concept.
Design
Unlike thesu command, users typically supply their own passwordPassword
A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource . The password should be kept secret from those not allowed access....
to sudo. After authentication, and if the
/etc/sudoers configuration file permits the user access, then the system will invoke the requested command. By default the user's password can be retained through a grace period (15 minutes per pseudo terminalPseudo terminal
In some operating systems, including Unix, a pseudo terminal is a pseudo-device pair that provides a text terminal interface without an associated device, such as a virtual console, computer terminal or serial port...
), allowing the user to execute several successive commands as the requested user without having to provide a password again.
sudo is able to log each command run. Where a user attempts to invoke sudo without being listed in the sudoers file an error is presented to the user indicating that the attempt has been recorded in the system log.Configuration
The/etc/sudoers file allows listed users access to executeExecution (computers)
Execution in computer and software engineering is the process by which a computer or a virtual machine carries out the instructions of a computer program. The instructions in the program trigger sequences of simple actions on the executing machine...
to a subset
Subset
In mathematics, especially in set theory, a set A is a subset of a set B if A is "contained" inside B. A and B may coincide. The relationship of one set being a subset of another is called inclusion or sometimes containment...
of commands while having the privileges of the root user.
sudo may be configured to require the root password, or no password at all.Impact
In some cases sudo has completely supplanted the superuser login for administrative tasks, most notably in Linux distributionLinux distribution
A Linux distribution is a member of the family of Unix-like operating systems built on top of the Linux kernel. Such distributions are operating systems including a large collection of software applications such as word processors, spreadsheets, media players, and database applications...
s, such as Fedora
Fedora (operating system)
Fedora is a RPM-based, general purpose collection of software, including an operating system based on the Linux kernel, developed by the community-supported Fedora Project and sponsored by Red Hat...
and Ubuntu
Ubuntu (operating system)
Ubuntu is a computer operating system based on the Debian Linux distribution and distributed as free and open source software. It is named after the Southern African philosophy of Ubuntu...
, as well as Apple's Mac OS X
Mac OS X
Mac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems...
.
Tools and similar programs
visudo is a command-line utility that allows editing of the /etc/sudoers file in a safe fashion. It opens /etc/sudoers using the viVivi is a screen-oriented text editor originally created for the Unix operating system. The portable subset of the behavior of vi and programs based on it, and the ex editor language supported within these programs, is described by the Single Unix Specification and POSIX.The original code for vi...
editor's interface, prevents multiple simultaneous edits with lockLock (computer science)
In computer science, a lock is a synchronization mechanism for enforcing limits on access to a resource in an environment where there are many threads of execution. Locks are one way of enforcing concurrency control policies.-Types:...
s, performs sanity checks and checks for parse errors.
There exist several graphical frontends for use in a GUI
Graphical user interface
In computing, a graphical user interface is a type of user interface that allows users to interact with electronic devices with images rather than text commands. GUIs can be used in computers, hand-held devices such as MP3 players, portable media players or gaming devices, household appliances and...
environment, notably
kdesudo, and gksudo; Mac OS XMac OS X
Mac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems...
also has Authorization Services.
The
runasRunasIn computing, runas is a command in the Microsoft Windows line of operating systems that allows a user to run specific tools and programs under a different username to the one that was used to logon to a computer interactively...
command provides similar functionality on Microsoft WindowsMicrosoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
.
See also
- chrootChrootA chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name files outside the designated directory tree. The term "chroot" may refer to the chroot...
- Comparison of privilege authorization featuresComparison of privilege authorization featuresA number of computer operating systems employ security features to help prevent malicious software from gaining sufficient privileges to compromise the computer system...