Sysadmin root and sudo differences in a single user/self managed server

Kintaro · Nov 20, 2018

apart the possibility to limit what commands a sudoers can use or not... I can't see many differences (error related) between a massive use of "sudo command" and launching the same command with root privilege. am I missing something?

eva2000 · Nov 20, 2018

maybe explanation at might help https://unix.stackexchange.com/a/291467/26581

Executive summary: "root" is the actual name of the administrator account. "sudo" is a command which allows ordinary users to perform administrative tasks. "Sudo" is not a user.

Long answer:

"root" (aka "superuser") is the name of the system administrator account. The origins of the name are a little archaic, but that doesn't matter.

Root user has user id 0 and nominally has unlimited privileges. Root can access any file, run any program, execute any system call, and modify any setting. (But see below¹).

Prior to the invention of the "sudo" command, if you wanted to perform administrative tasks, you had to login as root, either by getting a login prompt² somehow, or with the su command ("su" being short for superuser.)³

That's a bit of a hassle, and also doesn't let you give users partial administrative powers. So the "sudo" command (short for "superuser do") was invented.

The "sudo" command lets you execute commands with superuser privileges as long as your user id is in the sudoers file, giving you the necessary authorization.

So, e.g. sudo vi /etc/hosts would allow you to edit the hosts file as if you were running as root. You don't even need the root password, just your own login password.

And of course, sudo su would allow you to simply become root. The result is the same as if you had logged in as root or executed the su command, except that you don't need to know the root password but you do need to be in the sudoers file.

The sudoers file determines who can use the sudo command and what they can do with it.

The sudoers file is what gives you multiple administrators⁴. Effectively, your administrators are root, plus everybody listed in the sudoers file. Without the sudoers file, the only administrator is root.

In fact, in organizations where someone else administers your computer for you, it's quite common to not know the root password of your own computer — as long as you're in the sudoers file, it doesn't matter.

At one company I worked for, with a ginormous server farm, only a very, very small number of people knew the root passwords. Instead, there was a database of who was allowed to work on which servers. An automated process would add you to the sudoers files of those servers you were authorized to access, and remove you when your authorization expired.
Click to expand...

GASTAN · Dec 16, 2018

I guess the idea prepending sudo every time you run command is to make u think twice about what you are typing?
dunno
I do 'sudo su -' and dont ues sudo anymore

Log in / Register

Forums

Get the most out of your Centmin Mod LEMP stack

Sysadmin root and sudo differences in a single user/self managed server

Kintaro Member

eva2000 Administrator Staff Member

GASTAN Member

.

Log in / Register

Useful Searches

Get the most out of your Centmin Mod LEMP stack

Sysadmin root and sudo differences in a single user/self managed server

Kintaro Member

eva2000 Administrator Staff Member

GASTAN Member

.