linux - Sudo vs root; any actual differences?
2014-06
I'm working with a support member for a product, and he insists that I need to be root to install a series of patches, and that sudo won't work; he doesn't provide a reason but seems very firm in his beliefs. Browsing Superuser I can't determine any possible reason for this being the case, and in confirmation, when I run:
sudo -l
I get:
...
User [MY USERNAME] may run the following commands on this host:
(ALL) ALL
Getting access from the Linux/server team to actually be root is not an imediate process as I understand, so I'd prefer to install them myself.
Is there any practical reason whatsoever why sudo would behave differently than root for installing software on a server?
If you have full sudo
access, you can become root
using sudo su -
, so the point is moot.
However, I don't think there is a way to discern the difference between a program run as root
and a program ran under sudo
.
It strongly depends on how you call your program with sudo
or su
.
E.g. on the system on which I am in this moment:
.bashrc
COMMAND $HOME $USER Env. $PATH
1. sudo -i (root) root root [1]
2. sudo -s (USER) root USER /home/${USER}/bin:[1]
3. sudo /bin/bash (USER) root USER /home/${USER}/bin:[1]
4. sudo su (root) root USER [1]:/usr/games:/usr/local/games
5. sudo su - (root) root root [1]
Where [1]=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Env=Environment variables are reset for 1 and 5, taken from $USER in 2,3,4.
So a script, or a program that is launched with a different option can see different $PATH
, $HOME
, its shell can read different .bashrc
,.profile
and Environment variables. It reads the file related with the $HOME
. Each user can modify his environment in a different way (variables, $PATH
, .bashrc, .profile, .bash_profile...).
You can run the program under sudo -i
as you were logged as root with su -
,
but you can have different behaviour if you run it with sudo MyCommand
or with su MyCommand
.
From man su
:
In the description part:
The current environment is passed to the new shell. The value of $PATH is reset to /bin:/usr/bin for normal users, or /sbin:/bin:/usr/sbin:/usr/bin for the superuser
...
In the options part:
-, -l, --login
Provide an environment similar to what the user would expect had the user logged in directly.
From man sudo
-i, --login
Run the shell specified by the target user's password database entry as a login shell. This means that login-specific resource files such as .profile or .login will be read by the shell. If a command is specified, it is passed to the shell for execution via the shell's -c option. If no command is specified, an interactive shell is executed.sudo
attempts to change to that user's home directory before running the shell. The command is run with an environment similar to the one a user would receive at log in. The Command Environment section in the sudoers(5) manual documents how the -i option affects the environment in which a command is run when the sudoers policy is in use.
There are a few differences if you are getting a root shell, as pointed out by @Hastur.
If you are not getting a root shell, then there are more differences. The support member may have experience trying to do things like sudo patch -p0 < /root/patch.file
where patch
is run as root, but <
(piping from a file) is not.
It depends how fine grained you want the root access to be. If you have several users that perform different tasks on a system then sudo would be more ideal. One example I use frequently is the need to restart an application or database. Security is always best done least privileged. I use groups and only allow those groups to perform explicit actions. A good book that describes this process is "Sudo Mastery: User Access Control for Real People". Actually it is a good book about sudo in general...
Is there Any latest linux distro which gives full root access ( NO SUDO ) ? I want to use it for programming in which I have to use / file system very frequently.
What I need is any good linux distro with Nice Installer like Synaptic and Fast Bootup speed like ubuntu 9.04.
Does Fedora 11 gives full root access?
Thanks, Sunny.
Becoming root for one session:
In Ubuntu you can become root for the remainder of the session by typing:
# old-school method
sudo su
# new hotness, comes highly recommended
sudo -i
More information and related reading.
Permanently enabling the root account:
Further, you may permanently enable the root account by typing:
sudo passwd root
and providing a root password. You can then log in as root at your leisure without needing to use sudo
.
Why not just log in as root when you start up? You provide the root password in the install process of most distributions (Fedora as you mentioned, is an example). If you forgot this you can reset it from a user account:
sudo passwd root
it will then ask you for your new UNIX password.
If you'd like to become root temporarily AND use root's environment settings:
sudo su -
fedora offer full root access by typing
su
Or you can use your debian based distro (ubuntu) and type
sudo bash
to get semi-permanent root shell.
Puppy Linux boots and will auto-login with root user by default.