Re: Sudo
From: Enkidu (enkidu.com_at_com.cliffp.com)
Date: 10/24/05
- Next message: Enkidu: "Re: hardware clock tweaking"
- Previous message: Enkidu: "Re: CUPS No Canon Printer"
- In reply to: Nitewolf: "Re: Sudo"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 24 Oct 2005 14:23:22 +1300
Nitewolf wrote:
> On Sun, 23 Oct 2005 12:31:19 +1300, Enkidu wrote:
>
>
>> Nitewolf wrote:
>>
>>> On Sat, 22 Oct 2005 17:58:21 +1300, Enkidu wrote:
>>>
>>>
>>>
>>>> Nitewolf wrote:
>>>>
>>>>
>>>>> my account is able to sudo and be a superuser.
>>>>> but the original "global superuser" password was
>>>>> never asked for and it seems it is a mysterious
>>>>> super guy on the system. i tried to sudo chmod
>>>>> from an ordinary user account and it had asked
>>>>> for a password. since i was not logged in, my
>>>>> password do not work. i tried the sudo -u
>>>>> username and it doesn't work too.
>>>>>
>>>>> is there a need to at least know and change the
>>>>> global "root" fella? is the password for it set
>>>>> randomly during installation?
>>>>
>>>> If you are logged in as usera then the password
>>>> sudo asks for first is usera's password. It won't
>>>> work if usera is not in the sudoers file. The -u
>>>> option sets the user you want to act as.
>>>>
>>>> What you need to do is login with a user who is
>>>> named in the sudoers as someone who can issue the
>>>> 'passwd' command.
>>>>
>>>> Then you can 'sudo passwd root' and the first
>>>> password requested is the password of the user
>>>> issuing the sudo command. Then you will be asked to
>>>> supply a new password for root twice.
>>>>
>>>> You can then logoff and login as root with the new
>>>> password.
>>>>
>>>> You could also switch to single-user mode, I think,
>>>> and set root's password there and then reboot.
>>>>
>>>> Cheers,
>>>>
>>>> Cliff
>>>
>>>
>>>
>>> Thanks,
>>>
>>> things i'd like to clarify
>>>
>>> 1) If userA is not allowed to sudo (not in sudoers
>>> list), an administrator uses userA terminal and sudo
>>> with his password? "sudo -u adminB <command>" it will
>>> work right? and asks for adminB passwd?
>>>
>>
>> If someone (adminB) goes to "userA's terminal" and logs
>> in as adminB, then the system sees adminB on the
>> system. The system does not have a concept of "userA's
>> terminal". It just sees a user logged in at a terminal.
>>
>>
>> If userA is not in sudoers, userA cannot issue the sudo
>> command. If another user (adminB), who IS in sudoers,
>> logs in at the machine that userA normally uses, then
>> the system sees adminB logged in. It doesn't care that
>> adminB is using the machine that userA normally uses.
>> adminB can then do whatever adminB has rights to do,
>> including sudo if he/she has that.
>>
>> The easy way to find out if your user has sudo rights
>> is to issue the command 'sudo -l'. If you get a "sorry"
>> message your user does not have sudo rights, but if you
>> get prompted for your password, you do have sudo rights
>> (in some form or other!)
>>
>>> 2) Does the sudo work for only that command or will
>>> authorization stay for all other commands within that
>>> "sudoed" terminal? sometimes i was not asked for the
>>> passwd again, and sometimes i have to. is there a
>>> timeout factor?
>>>
>>
>> The admin for the machine can give a sudo user rights
>> to issue any commands or all commands, or no commands.
>> The sudo command itself only works for that command.
>>
>>> 3) Root, being the superuser does not need to sudo
>>> after his login?
>>>
>>
>> OK, this may the source of some confusion. Please read
>> carefully below. There are two commands, 'sudo' and
>> 'su'. 'sudo' allows you to issue one command as root or
>> another user. root does not need to use sudo. 'su'
>> allows you to change to another user temporarily.
>> Anyone can issue the 'su' command, provided they know
>> the password of the user that is specified in the su
>> command.
>>
>> Example, you are logged in as userA. You issue the 'su'
>> command.
>>
>> su - adminB (Don't worry about the '-' at this stage)
>>
>>
>> You get a prompt for adminB's password and you are
>> logged in as adminB. When you are done, you issue
>> 'exit' and drop back to userA.
>>
>> Example, if you say
>>
>> su -
>>
>> then you will be logged in as root, if you know root's
>> password.
>>
>> Example, you are logged in as userA. You issue the
>> 'sudo' command.
>>
>> sudo su - adminB
>>
>> If you are in sudoers, you get prompted for *userA's*
>> password, and are logged in as adminB. Crucial point,
>> you don't need to know the root password. When you are
>> done you can 'exit' back to userA.
>>
>> Example, if you do
>>
>> sudo su -
>>
>> You will be logged in as root (assuming sudoers is so
>> configured) but you will need to know only your own
>> password, not root's.
>>
>> root *is* superuser.
>>
> Thanks . "terminal" i meant the text console terminal on
> the desktop and not the system. i get what you mean.
>
OK, one last thing then. If you are logged in as userB and
since you mention "the desktop" I'm assuming you are using
X, then if you open a "text console terminal", I'm guessing
that you are opening an XTerm, (may be called something
different, eg gterm, kterm, or rxvt...).
The crucial thing to remember is that you *CANNOT* (sudo and
su aside) gain extra priviledges over the user that you
logged in as. The XTerm will open with a prompt as if userB
had logged in to a console. However it is not really a
console but for most things that doesn't matter.
Cheers,
Cliff
-- Barzoomian the Martian - http://barzoomian.blogspot.com
- Next message: Enkidu: "Re: hardware clock tweaking"
- Previous message: Enkidu: "Re: CUPS No Canon Printer"
- In reply to: Nitewolf: "Re: Sudo"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
