linux - Sudo vs root; any actual differences?

26
2014-06
  • Nex Terren

    I'm working with a support member for a product, and he insists that I need to be root to install a series of patches, and that sudo won't work; he doesn't provide a reason but seems very firm in his beliefs. Browsing Superuser I can't determine any possible reason for this being the case, and in confirmation, when I run:

    sudo -l

    I get:

    ...
User [MY USERNAME] may run the following commands on this host:
    (ALL) ALL

    Getting access from the Linux/server team to actually be root is not an imediate process as I understand, so I'd prefer to install them myself.

    Is there any practical reason whatsoever why sudo would behave differently than root for installing software on a server?

    • Answers
  • msw

    If you have full sudo access, you can become root using sudo su -, so the point is moot.

    However, I don't think there is a way to discern the difference between a program run as root and a program ran under sudo.

  • Hastur

    It strongly depends on how you call your program with sudo or su.
    E.g. on the system on which I am in this moment:

                      .bashrc                        
    COMMAND        $HOME   $USER  Env.  $PATH
 1. sudo -i        (root)   root  root  [1]
 2. sudo -s        (USER)   root  USER  /home/${USER}/bin:[1]
 3. sudo /bin/bash (USER)   root  USER  /home/${USER}/bin:[1]  
 4. sudo su        (root)   root  USER  [1]:/usr/games:/usr/local/games  
 5. sudo su -      (root)   root  root  [1]

    Where [1]=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    Env=Environment variables are reset for 1 and 5, taken from $USER in 2,3,4.

    So a script, or a program that is launched with a different option can see different $PATH, $HOME, its shell can read different .bashrc,.profile and Environment variables. It reads the file related with the $HOME. Each user can modify his environment in a different way (variables, $PATH, .bashrc, .profile, .bash_profile...).

    You can run the program under sudo -i as you were logged as root with su -, but you can have different behaviour if you run it with sudo MyCommand or with su MyCommand.

    From man su:

    In the description part:
    The current environment is passed to the new shell. The value of $PATH is reset to /bin:/usr/bin for normal users, or /sbin:/bin:/usr/sbin:/usr/bin for the superuser
    ...
    In the options part:
    -, -l, --login
    Provide an environment similar to what the user would expect had the user logged in directly.

    From man sudo

    -i, --login
    Run the shell specified by the target user's password database entry as a login shell. This means that login-specific resource files such as .profile or .login will be read by the shell. If a command is specified, it is passed to the shell for execution via the shell's -c option. If no command is specified, an interactive shell is executed. sudo attempts to change to that user's home directory before running the shell. The command is run with an environment similar to the one a user would receive at log in. The Command Environment section in the sudoers(5) manual documents how the -i option affects the environment in which a command is run when the sudoers policy is in use.

  • Jayen

    There are a few differences if you are getting a root shell, as pointed out by @Hastur.

    If you are not getting a root shell, then there are more differences. The support member may have experience trying to do things like sudo patch -p0 < /root/patch.file where patch is run as root, but < (piping from a file) is not.

  • meredithkm

    It depends how fine grained you want the root access to be. If you have several users that perform different tasks on a system then sudo would be more ideal. One example I use frequently is the need to restart an application or database. Security is always best done least privileged. I use groups and only allow those groups to perform explicit actions. A good book that describes this process is "Sudo Mastery: User Access Control for Real People". Actually it is a good book about sudo in general...


    • Related Question

    Any latest linux distro which gives full root access ( NO SUDO )?
  • Sunny Shah.

    Is there Any latest linux distro which gives full root access ( NO SUDO ) ? I want to use it for programming in which I have to use / file system very frequently.

    What I need is any good linux distro with Nice Installer like Synaptic and Fast Bootup speed like ubuntu 9.04.

    Does Fedora 11 gives full root access?

    Thanks, Sunny.


    • Related Answers
  • quack quixote

    Becoming root for one session:

    In Ubuntu you can become root for the remainder of the session by typing:

    # old-school method
sudo su

# new hotness, comes highly recommended
sudo -i

    More information and related reading.


    Permanently enabling the root account:

    Further, you may permanently enable the root account by typing:

    sudo passwd root

    and providing a root password. You can then log in as root at your leisure without needing to use sudo.

  • John T

    Why not just log in as root when you start up? You provide the root password in the install process of most distributions (Fedora as you mentioned, is an example). If you forgot this you can reset it from a user account:

    sudo passwd root

    it will then ask you for your new UNIX password.

    If you'd like to become root temporarily AND use root's environment settings:

    sudo su -
  • andrej

    fedora offer full root access by typing

    su

    Or you can use your debian based distro (ubuntu) and type

    sudo bash

    to get semi-permanent root shell.

  • Seasoned Advice (cooking)

    Puppy Linux boots and will auto-login with root user by default.