Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
documentation.suse.com / sudo: Basic Concept

sudo: Basic Concept

Publication Date: 20 Jan 2023

1 Environment

 

This document applies to the following products and product versions:

  • SUSE Linux Enterprise Server 15 SP3, 15 SP2, 15 SP1, 15 GA

  • SUSE Linux Enterprise Server for SAP Applications 15 SP3, 15 SP2, 15 SP1, 15 GA

  • SUSE Linux Enterprise High Availability Extension 15 SP3, 15 SP2, 15 SP1, 15 GA

  • SUSE Linux Enterprise High Performance Computing 15 SP3, 15 SP2, 15 SP1, 15 GA

  • SUSE Linux Enterprise Desktop 15 SP3, 15 SP2, 15 SP1, 15 GA

  • SUSE Linux Enterprise Real Time 15 SP3, 15 SP2, 15 SP1, 15 GA

2 Introduction

 

For security reasons, all PRODUCT systems separate the normal user (the user who is currently logged in) from the root user. To execute commands which can only be executed by the root, you need to have root privileges. Each PRODUCT system, offers the following options to log in as root:

  • su: allows you to run a command as root but requires to know the root password. All commands executed with su are not logged.

  • sudo: allows you to run a command as root. Depending on the configuration, the command does not require the root password. All commands executed with su are logged.

Note
Note: root vs. sudo

For security reasons and to avoid mistakes, it is not recommended to log in as root. With sudo you can log in as regular user and execute commands with elevated privileges.

3 How it works

 

On PRODUCT, sudo is configured to work similarly to su. However, sudo provides a flexible mechanism that allows users to run commands with the privileges of any other user. You can use sudo to assign roles with specific privileges to certain users and groups.

For example, it is possible to allow members of the group users to run a command with the privileges of user wilber. Access to the command can be further restricted by disallowing any command options. While su always requires the root password for authentication with PAM (pluggable authentication modules), sudo can be configured to authenticate with your own credentials. This ensures higher security as the users do not have to share the root password.

To use sudo, you need to have the sudo package installed which is usually available by default on PRODUCT.

Tip
Tip

The sudo --help command offers a brief overview of the available command line options.

4 Related topics

 

  • Basic sudo usage

  • Advanced sudo usage

  • Configuring sudo

  • Authentication with PAM