sudo
: Basic Concept
1 Environment #
This document applies to the following products and product versions:
SUSE Linux Enterprise Server 15 SP3, 15 SP2, 15 SP1, 15 GA
SUSE Linux Enterprise Server for SAP Applications 15 SP3, 15 SP2, 15 SP1, 15 GA
SUSE Linux Enterprise High Availability Extension 15 SP3, 15 SP2, 15 SP1, 15 GA
SUSE Linux Enterprise High Performance Computing 15 SP3, 15 SP2, 15 SP1, 15 GA
SUSE Linux Enterprise Desktop 15 SP3, 15 SP2, 15 SP1, 15 GA
SUSE Linux Enterprise Real Time 15 SP3, 15 SP2, 15 SP1, 15 GA
2 Introduction #
For security reasons, all PRODUCT systems separate the normal user
(the user who is currently logged in) from the root
user. To
execute commands which can only be executed by the root
,
you need to have root privileges. Each PRODUCT system, offers
the following options to log in as root
:
su
: allows you to run a command asroot
but requires to know theroot
password. All commands executed withsu
are not logged.sudo
: allows you to run a command asroot
. Depending on the configuration, the command does not require theroot
password. All commands executed withsu
are logged.
root
vs. sudo
For security reasons and to avoid mistakes, it is not recommended to log in
as root
.
With sudo
you can log in as regular user and execute commands with
elevated privileges.
3 How it works #
On PRODUCT, sudo
is configured to work similarly to
su
. However, sudo
provides a flexible mechanism that
allows users to run commands with the privileges of any other user. You can
use sudo
to assign roles with specific privileges to certain users and
groups.
For example, it is possible to allow members of the group users
to
run a command with the privileges of user wilber
. Access to the
command can be further restricted by disallowing any command options. While
su
always requires the root
password for
authentication with PAM (pluggable authentication modules), sudo
can be
configured to authenticate with your own credentials. This ensures higher
security as the users do not have to share the root
password.
To use sudo
, you need to have the sudo package
installed which is usually available by default on PRODUCT.
The sudo --help
command offers a brief overview of the
available command line options.
4 Related topics #
Basic
sudo
usageAdvanced
sudo
usageConfiguring
sudo
Authentication with PAM