CSUF LogoCSUF Site Navigation
optics.csufresno.edu

F12 Post-Installation Changes sudo

Department of Electrical and Computer Engineering
Associate Professor Gregory R. Kriehn
Forums
Wiki
F12 sudo


sudo


sudo
is a very powerful command in the Linux environment. It allows for you to execute one superuser command, and logs the result in /var/log/secure with a time stamp, the user who executed the command, where it was executed (the terminal number and path), who the target user is (typically root), and which command was executed. Many people play fast and loose with logging in as root whenever they need superuser privileges, but in doing so, all records of any changes made to the system are lost. If you FUBAR your system as root, you are typically in deep, deep, doo doo. With sudo, at least you will know what was done, when, where, and by whom, so that you have some inkling as to how to fix it. Always execute any and all superuser commands using sudo.

Bring up a gnome-terminal window. If you running Gnome, you can do this by clicking on the terminal icon
 in Applications -> System Tools -> Terminal, which will open the terminal. Since the current shell is /bin/bash, you will see the "$" sign as your prompt.

Type:
$ su -
Hit Enter and type in the root password. This will provide you with root privileges and put you in /root.

Type:
# nano /etc/sudoers
Hit enter and nano will open, a ripoff of the old pico editor that comes bundled with the e-mail program pine. Scroll down to the line that says "# Allow root to run any commands anywhere", and below root's privilege specification enter your own. Type:
[username]    ALL=(ALL) ALL
Hit ^o (Ctrl-o) to save, and ^x to exit. From now on, whenever you need to execute a superuser command as root, use sudo. The first time you do so, you will see a warning that instructs you to be very, very careful.

To see it, first logout as
root, and then use sudo to execute a generic command. Type:
# exit
$ sudo more /etc/grub.conf

We trust you have received the usual lecture from the local System
Administrator.  It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Password:
Type in your user password (not the root password!), and the command will be executed.

"Back in my day" (RedHat 7.0'ish) there used to be only two warnings given (the first two), until the first Spiderman movie came out. Got to love geeks...

That's the last time you will see the warning, so memorize it. Live by it.

sudo has a five minute timeout, so as long as you continue to execute superuser commands using sudo during that time period, you will not have to retype your password. Once the timeout expires, you will have to supply your password once again. Get used to it. It is a good habit to get into, even though many people find it annoying (at least at first).

The /etc/sudoers file also allows you to restrict users so that they can only execute a subset of the superuser commands, but that's a FAQ for another day. See the manual page for details.
$ man sudo
For you newbies out there, type q to exit the man page. Get used to reading them, as you will live (or die) by them when learning how to run Linux (or any other Unix-based operating system out there).