Monday, 14 January 2008

Sudo

What is the sudo command? If you're familiar with Microsoft Windows, you'll no doubt understand what is meant by having administrative access - if you have it you can install new software, make changes to the system and things like that.

Linux works slightly differently to this. Most Linux distributions use what is called a
root account or superuser account to control what users can do. There can be any number of normal user accounts, but there is only ever one root account. To make any change at all to the system (such as installing or removing software), you need to log in as root.

Any operating system based on Unix has this, be it Linux, Mac OS X, FreeBSD or whatever. It's because Unix was designed right from the start to be a multi-user operating system, so it was designed so that many people could use it, but administrative access could be limited to certain individuals. This is why any Unix-based operating system is inherently more secure than Windows, which was designed as a single-user operating system.

However, it does have one or two disadvantages. For one thing, it can be a pain to log in as root, do what you have to do to administer your system, then log out and log back into your normal account. It can be tempting to just think "No, it'll be alright" and remain logged into root and go surfing the web. This can be a bad idea because it means that anything that gets into your computer from the Internet can then get in with administrative access, which could potentially cause problems. Also, it means more than one person may have to know the password for root, which could cause problems - I mean, how many times have you seen offices where people write passwords on Post-It notes so they can remember them? If several people need access to root and they have to write it on a piece of paper so they can remember that as well as their normal password, how bad would it be if someone got hold of that?

That's where sudo (pronounced soo-doo) comes in. It's available for many other distributions to install, but Ubuntu uses it by default (as does Mac OS X). Basically, sudo means that there is no root account. Instead, one or more users can use the sudo command to temporarily gain root access by entering their normal password again.

In use, you preface another command with it to run it as root. For instance, to use the apt-get program to install the game Pingus, here's what you would enter:
sudo apt-get install pingus
This is arguably safer because with sudo, root access expires after a few minutes, so you're safe to go surfing the Internet straight after having made whatever changes you want to. You can set which users can use sudo and which can't. So you can prevent your horrible little brother from installing any new software without your permission.

There are two similar commands for if you want to run graphical programs with root access. For instance, say you want to use the gedit text editor in Ubuntu to edit a text file that's important to the running of your system - let's say this is your /etc/apt/sources.list (you don't need to worry what this is at this stage). You'd enter the following:
gksudo gedit /etc/apt/sources.list
because gksudo is the graphical equivalent to sudo for the Gnome desktop. The KDE desktop has its own equivalent, kdesudo. So, if you wanted to edit the same file using the Kate text editor in Kubuntu, you could enter the following:
kdesudo kate /etc/apt/sources.list

Any application which will always need root access, such as when you open the Add/Remove Programs, will automatically prompt you for your password in this fashion. If you've used Windows Vista, it's very similar to that message that comes up when you want to install or remove anything, only you have to put in your password. So you may encounter kdesudo or gksudo like this even if you never input them on the command line.

Don't forget, it's there to keep your system secure.

No comments: