UbuntuHelp:RootSudo

文章出处:

https://help.ubuntu.com/community/RootSudo

点击翻译:

English

In Linux (and Unix in general), there is a superuser named root. The Windows analog of root is Administrator. The superuser can do anything and everything, and thus doing daily work as the superuser can be dangerous. You could type a command incorrectly and crash the system. Ideally, you run as a user that has only the privileges needed for the task at hand. In some cases, this is necessarily root, but most of the time it is a regular user.

By default, the root account is locked in Ubuntu. This means you cannot login as root or use su. Instead, the installer will setup sudo to allow the user that is created during install to run all administrative commands.

This means that in the terminal you can use sudo for commands that require root privileges. All programs in the menu will use a graphical sudo to prompt for a password. When sudo asks for a password, it needs YOUR USER Password; this means that a root password is not needed.

Notes

• The password is stored by default for 15 minutes. After that time, you will need to enter your password again.
• Your password will not be shown on the screen as you type it, not even as a row of stars (******). It is going in, however!
• To run the graphical configuration utilities with sudo, simply launch the application via the menu.
• To run a program using sudo that normally is run as the user, such as gedit, press Alt+F2 and enter gksudo gedit.
• For users of Kubuntu, use kdesu in replacement for gksudo.
• To use sudo on the command line, preface the command with sudo, as below:

Example #1

sudo chown bob:bob /home/bob/*

Example #2

sudo /etc/init.d/networking restart

• NEVER use sudo to start graphical programs. You should always use gksudo or kdesu to run such programs, otherwise new login attempts may fail. If this happens and at login an error message reports: "Unable to read ICE authority file", log in using the failsafe terminal and execute the command below substituting your username for user.

rm /home/user/.{ICE,X}authority

• To start a root shell (i.e. a command window where you can run root commands), starting root's environment and login scripts, use:

sudo -i     (equivalent to sudo su -)

• To start a root shell, but keep the current shell's environment, use:

sudo -s     (equivalent to sudo su)

• To login as another user (on the command line, use something like gdmflexiserver for a graphical login)

sudo -i -u username

Allowing other users to run sudo

To add a new user to sudo, open the Users and Groups tool from System --> Administration menu. Then click on the user and then on properties. Choose the User Privileges tab. In the tab, find Executing system administration tasks and check that.

/!\ In the terminal this would be: sudo adduser $user admin, where you replace $user with the name of the user.

Benefits of using sudo

The benefits of leaving root disabled by default include the following:

• The installer has to ask fewer questions
• Users don't have to remember an extra password, which they are likely to forget
• It avoids the "I can do anything" interactive login by default -you will be prompted for a password before major changes can happen, which should make you think about the consequences of what you are doing.
• Sudo adds a log entry of the command(s) run (In /var/log/auth.log). If you mess up, you can always go back and see what commands were run. It is also nice for auditing.
• Every cracker trying to brute-force their way into your box will know it has an account named root and will try that first. What they don't know is what the usernames of your other users are.
• Allows easy transfer for admin rights, in a short term or long term period, by adding and removing users from groups, while not compromising the root account.
• sudo can be setup with a much more fine-grained security policy
• The authentication automatically expires after a short time (which can be set to as little as desired or 0); so if you walk away from the terminal after running commands as root using sudo, you will not be leaving a root terminal open indefinitely.

Downsides of using sudo

Although for desktops the benefits of using sudo are great, there are possible issues which need to be noted:

• Redirecting the output of commands run with sudo can catch new users out. For instance consider sudo ls > /root/somefile will not work since it is the shell that tries to write to that file. You can use `ls | sudo tee -a /root/somefile` to append, or `ls | sudo tee /root/somefile` to overwrite contents. You could also pass the whole command to a shell process run under sudo to have the file written to with root permissions, such as `sudo bash -c "ls > /root/somefile"`.
• In a lot of office environments the ONLY local user on a system is root. All other users are imported using NSS techniques such as nss-ldap. To setup a workstation, or fix it, in the case of a network failure where nss-ldap is broken, root is required. This tends to leave the system unusable unless cracked. An extra local user, or an enabled root password is needed here.

Misconceptions

• Isn't sudo less secure than su?

 The basic security model is the same, and therefore these two systems share their primary weaknesses.  Any user who uses `su` or `sudo` must be considered to be a privileged user.  If that user's account is compromised by an attacker, the attacker can also gain root privileges the next time the user does so. The user account is the weak link in this chain, and so must be protected with the same care as root.

 On a more esoteric level, `sudo` provides some features which encourage different work habits, which can positively impact the security of the system.  `sudo` is commonly used to execute only a single command, while `su` is generally used to open a shell and execute multiple commands.  The `sudo` approach reduces the likelihood of a root shell being left open indefinitely, and encourages the user to minimize their use of root privileges.

• I won't be able to enter single-user mode!

 The sulogin program in Ubuntu is patched to handle the default case of a locked root password.

• I can get a root shell from the console without entering a password!

 You have to enter your password.

 Console users have access to the boot loader, and can gain administrative privileges in various ways during the boot process.  For example, by specifying an alternate `init(8)` program.  Linux systems are not typically configured to be secure at the console, and additional steps (for example, setting a root password, a boot loader password and a BIOS password) are necessary in order to make them so.  Note that console users usually have physical access to the machine and so can manipulate it in other ways as well.

Going back to a traditional root account

<!> This is not recommended!

Consider using the below command instead:

sudo -i

That will open up a root console temporarily. Enabling the root account in Ubuntu is neither supported nor necessary. Anything you need to do as administrator of an Ubuntu system can be done via sudo or gksudo.

If the root account is enabled and you wish to disable it, open a terminal and issue the following command:

sudo passwd -l root

Drag & Drop Sudo

This is a trick from the forums.

Create a launcher with the following command:

gksudo "gnome-open %u"

When you drag and drop any file on this launcher (it's useful to put it on the desktop or on a panel), it will be opened as root with its own associated application. This is helpful especially when you're editing config files owned by root, since they will be opened as read only by default with gedit, etc.

CategorySecurity