sudo: Basic Concept

This document applies to the following products and product versions:

Every PRODUCT system separates the normal user (the user who is currently logged in) from the root for security reasons. To execute commands which can only be executed by the root, you need root privileges. On each PRODUCT system, the following options areavailable to log in as root:

Note: root vs. sudo

For security reasons and to avoid mistakes, it is not recommended to log in as root. With sudo you can log in as regular user and execute commands with elevated privileges.

On PRODUCT, sudo is configured to work similarly to su. However, sudo provides a flexible mechanism that allows users to run commands with privileges of any other user. This can be used to assign roles with specific privileges to certain users and groups.

For example, it is possible to allow members of the group users to run a command with the privileges of user wilber. Access to the command can be further restricted by disallowing any command options. While su always requires the root password for authentication with PAM (pluggable authentication modules), sudo can be configured to authenticate with your own credentials. This ensures higher security as the users do not have to share the root password.

To use sudo, you need to have the sudo package installed which is usually available by default on PRODUCT.

Tip

The sudo --help command offers a brief overview of the available command line options.