Archive

Posts Tagged ‘sudo’

Beginners Guide to Command Line Part III

August 12, 2008 Leave a comment

How to Acquire root Privileges
There are several ways to escalate the normal user privileges to the root user privileges. You may wonder why this needs to be done. There are many files and directories that cannot be modified by the normal user. If you are trying to fix problems and sometimes when you are trying locate problems you will need the privileges of root.

The su command allows you to “substitute user”. One of the major disadvantages of this process is that su does not record the commands executed as root. It does create a log entry for which user became root and when but not what they did with the power! Once logged in as a user you can switch to root with this command:
su root

The system will then ask for the root password. This will then provide the user with full control of the entire system and access to all files and directories on the system. One item of note for Ubuntu users. If the root account has not been configured to enable this feature you will not be able to become root with su.

su – root

This is an additional option that will place you in the root home directory when executed and provide you with the environment of the root users as well. Details of the root user environment will be discussed in the path explanation.

sudo
When Ubuntu is installed the first user to be installed on the system will be able use the sudo su command to administer the system. This is because the first user is placed in groups that allow these special privileges. Subsequent users that are added do not get these privileges by default. You can see in the example below that the first user mike is placed in a number of special groups providing these privileges while the users tom and diane do not have the same rights. This can be viewed when you open the /etc/group file with cat, short for catenate.

cat /etc/group

adm:x:4:mike
tty:x:5:
dialout:x:20:mike
cdrom:x:24:mike,tom
floppy:x:25:mike
audio:x:29:pulse,mike,tom
dip:x:30:mike
video:x:44:mike,tom
plugdev:x:46:mike,tom
fuse:x:107:mike
lpadmin:x:109:mike
admin:x:115:mike
pulse:x:116:mike
–cut–
mike:x:1000:
tom:x:1001:
diane:x:1002:

The advantage of using sudo is that there is better command logging for accountability, you can limit access, you do not have to reveal the root password, and sudo is faster

How to use the sudo command
The first user created on the system, because they are added to special groups, has the privileges to run administrative commands even though they are a normal user. If mike a normal user wanted to check the firewall configuration and executed the command, iptables -L, would only see a response that they did not have the correct privileges as you can see below.

mike@ub:/etc$ iptables -L
iptables v1.3.8: can’t initialize iptables table `filter’: Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

Now if mike was a normal user that had been placed in the privileged groups he could use the sudo command to be able to execute that command. The sudo command precedes the command you want to run with root privileges.

Format → sudo command options

In the example below sudo precedes the command iptables which is followed by the option -L.

mike@ub:/etc$ sudo iptables -L
[sudo] password for mike:
Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-input all — anywhere anywhere
ufw-after-input all — anywhere anywhere
—cut—

In Ubuntu the sudo command can be joined with su to create the privileges needed to execute administrative commands and to change users to root as long as you remained logged in.

sudo su

This will mean that the user will receive root privileges and be actually running as the root user which will be reflected in the prompt as you see below. Note that the “$” on the end which signifies a normal user has been replaced by the “#” which indicates that the user is now functioning as root in all of the commands they execute.

root@ub:/etc#

This is a dangerous thing to do because any mistake you make will be a permanent change, which no warning.

Follow

Get every new post delivered to your Inbox.

Join 53 other followers