4.11 Running Commands as the Superuser

Before you see any more system commands, you should learn more about how to run commands as the superuser. You probably already know that you can run the su command and enter the root password to start a root shell. This practice works, but it has these disadvantages:

You have no record of system-altering commands.
You have no record of the users who performed system-altering commands.
You don't have access to your normal familiar shell environment.
You have to type the root password.

Most larger workstation installations employ a package named sudo to allow administrators to run commands as root when they are logged in as themselves . For example, if you want to use vipw to edit the /etc/passwd file, you could do it like this:

 sudo vipw

When you run this command, sudo logs this action with the syslog service under the local2 facility, so that you have a record of what you did.

Of course, the system doesn't let just any user run commands as the superuser; you must configure the privileged users in the /etc/ sudoers file. As it turns out, sudo has a great many options (that you'll probably never use), and the side effect of this is that the /etc/sudoers file has a somewhat complicated syntax. Here is an example file that gives user1 and user2 the power to run any command as root without having to enter a password:

 User_Alias ADMINS =  user1  ,  user2  ADMINS ALL = NOPASSWD: ALL root   ALL=(ALL) ALL

The first line defines an ADMINS user alias with the two users, and the second line grants the privileges. The ALL = NOPASSWD: ALL part means that the users in the ADMINS alias can use sudo to execute commands as root. The second ALL means "any command." The first ALL means "any host" (if you have more than one machine, you can set different kinds of access for each machine or for groups of machines, but this book will not explain that feature).

The root ALL=(ALL) ALL simply means that the superuser may also use sudo to run any command on any host. The extra (ALL) means that the superuser may also run commands as any other user. You can extend this privilege to the ADMINS users by changing the /etc/sudoers line shown earlier to this:

 ADMINS ALL = (ALL) NOPASSWD: ALL

Note	Use the visudo command to edit /etc/sudoers . This command checks for file syntax errors after you save the file.

That's all you need to know about sudo for now. If you need its more advanced features, consult the sudoers(5) and sudo(8) manual pages.

4.11.1 Real UID and Effective UID

When changing user IDs with programs like sudo , keep in mind that there is more than one active user ID in a running program. The ID that controls your access rights is the effective user ID. When you run a setuid program, Linux sets the effective user ID to the program's owner during execution, but it keeps your original user ID in what is called a real user ID.

There is an additional saved user ID that is set to the program's owner when you run a setuid program. The idea is that a process can switch its effective user ID to the real or saved user ID during execution to perform different tasks as different user IDs.

The reason that you might see different user IDs is that, by default, sudo changes the real user ID along with the effective and saved user IDs. Some programs don't like to have a real user ID of root. If you do not want sudo to change the real user ID, add this line to your /etc/sudoers file:

 Defaults     stay_setuid