Jump to content

sudo: Basic Concept

Publication Date: 09/24/2021

1 Environment

  • File Name: concept-sudo.xml
  • ID: concept-sudo-environment

This document applies to the following products and product versions:

  • SUSE Linux Enterprise Server 15 SP3, 15 SP2, 15 SP1, 15 GA

  • SUSE Linux Enterprise Server for SAP Applications 15 SP3, 15 SP2, 15 SP1, 15 GA

  • SUSE Linux Enterprise High Availability Extension 15 SP3, 15 SP2, 15 SP1, 15 GA

  • SUSE Linux Enterprise High Performance Computing 15 SP3, 15 SP2, 15 SP1, 15 GA

  • SUSE Linux Enterprise Desktop 15 SP3, 15 SP2, 15 SP1, 15 GA

  • SUSE Linux Enterprise Real Time 15 SP3, 15 SP2, 15 SP1, 15 GA

2 Introduction

  • File Name: concept-sudo.xml
  • ID: no ID found

Every PRODUCT system separates the normal user (the user who is currently logged in) from the root for security reasons. To execute commands which can only be executed by the root, you need root privileges. On each PRODUCT system, the following options areavailable to log in as root:

  • su: allows you to run a command as root but requires to know the root password. All commands executed with su are not logged.

  • sudo: allows you to run a command as root. Depending on the configuration, the command does not require the root password. All commands executed with su are logged.

Note
Note: root vs. sudo

For security reasons and to avoid mistakes, it is not recommended to log in as root. With sudo you can log in as regular user and execute commands with elevated privileges.

3 How it works

  • File Name: concept-sudo.xml
  • ID: no ID found

On PRODUCT, sudo is configured to work similarly to su. However, sudo provides a flexible mechanism that allows users to run commands with privileges of any other user. This can be used to assign roles with specific privileges to certain users and groups.

For example, it is possible to allow members of the group users to run a command with the privileges of user wilber. Access to the command can be further restricted by disallowing any command options. While su always requires the root password for authentication with PAM (pluggable authentication modules), sudo can be configured to authenticate with your own credentials. This ensures higher security as the users do not have to share the root password.

To use sudo, you need to have the sudo package installed which is usually availabe by default on PRODUCT.

Tip
Tip

The sudo --help command offers a brief overview of the available command line options.

4 Related topics

  • File Name: concept-sudo.xml
  • ID: no ID found
  • Basic sudo usage

  • Advanced sudo usage

  • Configuring sudo

  • Authentication with PAM

Print this page