UNIX: sudo

  • One of the most important commands and tools in the UNIX security toolbox is sudo, a more recent addition than su, created in 1980 at SUNY Buffalo. So while much newer than su, it is still venerable in the UNIX world. Its rise in popularity came in the early 2000s, though, when the Ubuntu distro championed it as the platform's standard privilege escalation mechanism.

    sudo originally stood for "super user do" but is often read as "substitute/switch user do" today, as there is no inherent connection between the sudo command and the root or superuser account. Like the older su command, the idea of sudo is to let you act as an alternative account, which may or may not be the root user. Unlike su, which logs you in as the alternative user, sudo runs a single command as that user.

    So let's compare to see the difference in how they are used. First, the old 1971 way with su to run the uptime command as the root user, then the newer 1980 way to do this with sudo. Both produce the same output, but su needs three steps (enter root's password, run the command, exit the root shell) where sudo needs one:

    su -        # prompts for root's password and opens a root login shell
    uptime      # run the command inside that shell
    exit        # drop back to your own account

    sudo uptime # prompts for your own password (by default) and runs just this one command as root

    As you can see, for running a single command with elevated privileges, sudo is far more concise. Because there is no actual change of shells, sudo is very scriptable, where su is very difficult to script.

    Those familiar with the Windows UAC system will quickly recognize it as a loose copy of sudo. It took decades before this idea was adopted in the Windows ecosystem, but it has proven very valuable there in improving security while reducing the overall complexity of management once people had gotten used to it. It should be noted that a true sudo is available on Windows as part of the Hamilton C shell port.

    The sudo system is actually rather complex and has important functionality: it can track the identity of the original user regardless of the privileges they sudo'd to, give different users or groups different types of access, require a password or run passwordless, log actions, send alerts on failed credentials, and more. Unlike su, which simply exists, sudo must be configured, and that configuration can be quite complex.

    Some operating systems, such as Ubuntu and Mac OS X, have gone so far as to integrate sudo into their core, default security mechanisms and have made working with it a part of everyday administration, even for end users on personal laptops. Others, like CentOS and RHEL, ship it built in and ready to go but do not depend on it unless the user so desires.

    Because sudo can track the original user account throughout a transaction history, it adds a great deal of security and auditing capacity to the UNIX ecosystem. It is easy to make all users work from basic accounts with no unnecessary privileges and allow them to elevate to higher permissioned accounts temporarily, or for a single command, only when that additional access is needed. If everyone who needed administrative access logged into a machine as the root user, we would never know who was doing what on the system, because every one of them would be identified as root. But with sudo we can still see which user account was acting as root, so tracking actions is easy. This decreases risk and exposure while keeping security effort to a minimum.
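    To make the two preceding points concrete (per-group access levels and the audit trail that survives the switch to root), here is an added example that is not part of the original article. It previews a small, constructed sudoers fragment (the group names ops and admin and the nginx service are assumptions) and syntax-checks it with visudo when that tool is installed, then runs a short audit pass over constructed log lines in the format sudo writes to syslog, pulling out which original user ran what as root and which attempts were refused. The log lines, host name and user names are invented for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Shows (1) a sudoers fragment that
# gives two groups different levels of access and (2) an audit pass over sudo
# log lines that recovers the original user behind each root action.
# Group names, service name, host and log lines are constructed assumptions.

# Constructed sudoers fragment: members of "ops" may restart/inspect nginx with
# no password prompt; members of "admin" may run anything as anyone, but must
# authenticate. Every invocation is also written to a dedicated log file.
SUDOERS_FRAGMENT='Cmnd_Alias WEBCTL = /usr/bin/systemctl restart nginx, /usr/bin/systemctl status nginx
%ops   ALL=(root) NOPASSWD: WEBCTL
%admin ALL=(ALL:ALL) ALL
Defaults logfile=/var/log/sudo.log'

# Syntax-check the fragment with visudo if it is available. Never install an
# unchecked sudoers file: a syntax error there can lock every admin out.
check_fragment() {
    f=$(mktemp)
    printf '%s\n' "$SUDOERS_FRAGMENT" > "$f"
    if command -v visudo >/dev/null 2>&1; then
        visudo -c -f "$f" >/dev/null 2>&1 && echo "fragment OK" || echo "fragment REJECTED"
    else
        echo "visudo not available, fragment unchecked"
    fi
    rm -f "$f"
}

# Constructed log lines in sudo's syslog format. Note that the original user
# (alice, bob, mallory) is recorded even though the target account is root.
SUDO_LOG='Jan  5 10:00:01 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/uptime
Jan  5 10:00:07 web1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Jan  5 10:02:30 web1 sudo:  mallory : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/mallory ; USER=root ; COMMAND=/bin/bash
Jan  5 10:03:11 web1 sudo:    alice : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt upgrade'

# Print "original_user target_user command" for each successful invocation.
successes() {
    printf '%s\n' "$SUDO_LOG" \
      | grep -v -e 'NOT in sudoers' -e 'incorrect password' \
      | sed -n 's/.*sudo: *\([^ ]*\) : .*USER=\([^ ]*\) ; COMMAND=\(.*\)$/\1 \2 \3/p'
}

# Print "original_user reason" for each refused invocation (the lines an
# alerting rule would key on).
failures() {
    printf '%s\n' "$SUDO_LOG" \
      | grep -e 'NOT in sudoers' -e 'incorrect password' \
      | sed -n 's/.*sudo: *\([^ ]*\) : \([^;]*\) ;.*/\1 \2/p'
}

# Count how many commands a given original user actually ran as root.
root_actions_by() {
    successes | awk -v u="$1" '$1 == u && $2 == "root" { n++ } END { print n+0 }'
}

check_fragment
echo "--- successful root actions (original user, target, command)"
successes
echo "--- refused attempts"
failures
```

    The sed patterns rely on the fixed " ; " separators sudo uses between the TTY, PWD, USER and COMMAND fields, which is what makes the log easy to key on from a script or a log shipper.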

    The sudo system is managed by the /etc/sudoers file which is rather complex and has many options. We will look into how to configure sudo next.

    In practice, most UNIX systems rely heavily on sudo today, and it is the environment an admin should most expect to encounter.

    Part of a series on Linux Systems Administration by Scott Alan Miller