As you know by now, logging in as root gives you the power to make changes across the entire Unix system, not just within the directories and files that you individually have permissions to access, read, or modify. Of course, having all this power also comes with responsibilities: not to screw up the entire system, among other possibilities. Especially as you’re learning about system administration, you may want to experiment with these skills by using sudo instead. Using the sudo utility, you can run some commands as if you were root, but it’s not as risky as being root, because only the commands you deliberately prefix with sudo run with root authority. The real root user has to give permission to use sudo, and sometimes the permission is limited to using specific utilities, so you’ll have to experiment.
[jdoe@frazz jdoe]$ cd /var/log
[jdoe@frazz log]$ tail messages
tail: messages: Permission denied
[jdoe@frazz log]$ sudo tail messages

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:

        #1) Respect the privacy of others.
        #2) Think before you type.

Password:
Jan 25 06:01:01 frazz CROND[22809]: (root) CMD (nice -n 19 run-parts /etc/cron.hourly)
Jan 25 06:01:01 frazz CROND[22810]: (mail) CMD (/usr/bin/python -S /var/lib/mailman/cron/qrunner)
Jan 25 06:01:01 frazz su(pam_unix)[22814]: session opened for user news by (uid=0)
Jan 25 06:01:01 frazz su(pam_unix)[22814]: session closed for user news
Jan 25 06:01:02 frazz msec: unable to run chage: chage: unknown user: ejray
Jan 25 06:01:03 frazz msec: changed mode of /var/log/news/nntpsend.log from 660 to 640
Jan 25 06:02:00 frazz CROND[22865]: (mail) CMD (/usr/bin/python -S /var/lib/mailman/cron/qrunner)
Jan 25 06:03:00 frazz CROND[22867]: (mail) CMD (/usr/bin/python -S /var/lib/mailman/cron/qrunner)
Jan 25 06:04:00 frazz CROND[22872]: (mail) CMD (/usr/bin/python -S /var/lib/mailman/cron/qrunner)
Jan 25 06:04:17 frazz sudo: jdoe : TTY=pts/1 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/tail messages
[jdoe@frazz log]$
Note that all uses of sudo are logged. If your system administrator won’t be happy with your experimenting with being root, don’t use sudo on any system other than your own. In Code Listing 16.1, we show the difference between being a normal user and acting with authority with sudo.
1. cd /var/log; tail messages
   As plain-old you, try to look at the system log files in /var/log. On a Linux system, it’s usually /var/log/messages; on a Solaris system, it’s usually /var/adm/messages. Other Unix flavors will have other, but similar, locations. Note that some of these files will require root access to view them, while others won’t. If you can view a file as you, then choose a different file to see how sudo helps.
2. sudo tail messages
   After permission was denied on the previous attempt, use sudo before the command to try to issue the same command with root authority.
3. *******
   Enter your password after the interesting warning, and then note that the command succeeded this time (see Code Listing 16.1).
✓ Tips
After you’ve used sudo once, you can use it again within a specific amount of time (usually five minutes) without entering your password again.
Some versions of sudo have pretty entertaining prompts if you mess up your password (Code Listing 16.2). You’re likely to irritate your system administrator tremendously if you try to look at these on purpose, though.
If you haven’t been given permission (not just technical permission, but actual, “you may do this” permission) to use sudo, don’t. Everything that happens with sudo is logged, and you’ll probably have to answer for your actions.
Whenever possible, it’s better to use sudo only when you need it than to become root. Any typo can be problematic, and it’s a good thing to have to consciously add sudo when you want to act with root authority.
1001 jdoe@foo $ sudo ls
Password:
My mind is going. I can feel it.
Password:
Take a stress pill and think things over.
Password:
He has fallen in the water!
sudo: 3 incorrect password attempts
1002 jdoe@foo $
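Because every use of sudo is logged in the format shown on the last line of Code Listing 16.1, an administrator can audit who ran what with a short script. The Python below is an added example, not part of the original text; the function names and sample lines are constructed for illustration, and the two failure entries assume sudo's usual syslog wording for bad passwords and unauthorized users.

```python
import re

# Constructed sample lines in the syslog format of Code Listing 16.1.
SAMPLE_LOG = """\
Jan 25 06:04:00 frazz CROND[22872]: (mail) CMD (/usr/bin/python -S /var/lib/mailman/cron/qrunner)
Jan 25 06:04:17 frazz sudo: jdoe : TTY=pts/1 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/tail messages
Jan 25 06:09:41 frazz sudo: jdoe : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/jdoe ; USER=root ; COMMAND=/bin/ls
Jan 25 06:12:05 frazz sudo: asmith : user NOT in sudoers ; TTY=pts/2 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/tail messages
"""

# Timestamp, host, "sudo:" (some systems log "sudo[pid]:"), invoking user, remaining fields.
LINE_RE = re.compile(
    r"^(?P<when>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssudo(?:\[\d+\])?:\s+"
    r"(?P<user>\S+)\s:\s(?P<rest>.*)$"
)
FIELDS = {"TTY": "tty", "PWD": "cwd", "USER": "run_as"}

def parse_sudo_line(line):
    """Return a dict describing one sudo log entry, or None for any other line."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    # COMMAND= is the last field and may itself contain " ; ", so split it off first.
    head, sep, command = m["rest"].partition("COMMAND=")
    if not sep:
        return None
    entry = {"when": m["when"], "host": m["host"], "user": m["user"],
             "command": command, "problem": None}
    for field in head.split(" ; "):
        key, eq, value = field.strip().partition("=")
        if eq and key in FIELDS:
            entry[FIELDS[key]] = value
        elif key and not eq:
            entry["problem"] = key  # free-text notice such as a failed authentication
    return entry

def audit(log_text):
    """Split sudo entries into plain command records and entries carrying a problem notice."""
    ran, flagged = [], []
    for line in log_text.splitlines():
        entry = parse_sudo_line(line)
        if entry is not None:
            (flagged if entry["problem"] else ran).append(entry)
    return ran, flagged

if __name__ == "__main__":
    ran, flagged = audit(SAMPLE_LOG)
    for e in ran + flagged:
        print(e["when"], e["user"], "->", e.get("run_as"), e["command"], "|", e["problem"] or "ok")
```

On a real system, pass the contents of the log file your sudo writes to (for example the messages file from the steps above) to audit() instead of SAMPLE_LOG.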