Developer(s): Todd C. Miller
Stable release: 1.8.7 / June 6, 2013
sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user (normally the superuser, or root). Its name is a concatenation of "su" (substitute user) and "do", or take action.
Unlike the su command, users typically supply their own password to sudo rather than the root password. After authentication, and if the /usr/local/etc/sudoers (sometimes found at /etc/sudoers) configuration file permits the user access, the system invokes the requested command. The sudoers configuration file is highly configurable. Options include, but are not limited to: enabling root commands only from the invoking terminal; not requiring a password for certain commands; requiring a password per user or group; and requiring re-entry of a password every time, or never requiring a password at all, for a particular command line. It can also be configured to permit passing arguments or multiple commands, and even supports commands with regular expressions.
In contrast to systems like polkit, sudo does not encourage a broad-brush approach through an API, gives more control to both developers and users, and has a much more robust design because it takes advantage of the security inherent in filesystems, on which the foundations of Unix security are based. Despite claims that polkit grants fewer permissions because sudo grants root rights to an entire process, sudo is most often used to allow a process to carry out a specific subset of its functionality that users can easily identify and modify for greater security.
The program was originally written by Robert Coggeshall and Cliff Spencer "around 1980" at the Department of Computer Science at SUNY/Buffalo. The current version is under active development and is maintained by OpenBSD developer Todd C. Miller and distributed under a BSD-style license.
In November 2009 Thomas Claburn, in response to fears that Microsoft had patented the sudo command, stated that such suspicions are overblown. The claims were narrowly framed to a particular GUI, rather than to the sudo concept.
Unlike the su command, users typically supply their own password to sudo. After authentication, and if the configuration file permits the user access, the system invokes the requested command. By default the user's password can be retained through a grace period (15 minutes per pseudo terminal), allowing the user to execute several successive commands as the requested user without having to provide a password again.
sudo is able to log each command run. Where a user attempts to invoke sudo without being listed in the sudoers file, an error is presented to the user indicating that the attempt has been recorded in the system log.
sudo may be configured to require the root password, or no password at all.
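An added example (not part of the original article and not code from the sudo project): a simplified Python audit that flags the password-related sudoers settings described above, namely passwordless commands, a grace period that never expires, and use of the root password. The sample policy is constructed, and the function name audit_sudoers and the severity labels are assumptions of this example; timestamp_timeout, tty_tickets, rootpw, authenticate and NOPASSWD are sudoers options.

```python
import re

# Constructed sample policy for illustration; not taken from a real host.
SAMPLE_SUDOERS = """\
Defaults timestamp_timeout=-1, !tty_tickets
Defaults rootpw
Defaults:deploy !authenticate
alice   ALL=(ALL) ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync   # single command
%ops    ALL=(ALL) NOPASSWD: ALL
"""

# Boolean Defaults flags that change when, or whose, password is asked for.
FLAG_NOTES = {
    "!authenticate": "password check disabled",
    "rootpw": "prompts for the root password, not the user's own",
    "!tty_tickets": "grace period shared across terminals",
}

def audit_sudoers(text):
    """Return (line_no, severity, note) for password-related settings.

    Simplified: one rule per line; continuation lines, aliases and
    #include directives are not handled.
    """
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        m = re.match(r"Defaults\S*\s+(.*)", line)
        if m:
            for opt in (o.strip() for o in m.group(1).split(",")):
                t = re.fullmatch(r"timestamp_timeout\s*=\s*(-?\d+(?:\.\d+)?)", opt)
                if t and float(t.group(1)) < 0:
                    findings.append((no, "high", "cached credentials never expire"))
                elif opt in FLAG_NOTES:
                    findings.append((no, "review", FLAG_NOTES[opt]))
        elif "NOPASSWD:" in line:
            cmds = [c.strip() for c in line.rsplit("NOPASSWD:", 1)[1].split(",")]
            if "ALL" in cmds:
                findings.append((no, "high", "NOPASSWD on ALL commands"))
            else:
                findings.append((no, "review", "NOPASSWD: " + ", ".join(cmds)))
    return findings

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE_SUDOERS):
        print(*finding)
```

A real audit should read the effective policy with sudo -l or validate files with visudo, since this line-based check does not implement the full sudoers grammar.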
Tools and similar programs
visudo is a command-line utility that allows editing of the /etc/sudoers file in a safe fashion. It opens /etc/sudoers, using the vi editor's interface by default (although this can be changed by setting the shell's EDITOR environment variable to a different text editor), prevents multiple simultaneous edits with locks, performs sanity checks and checks for parse errors.
The runas command provides similar functionality in Microsoft Windows, but it cannot pass current directories, environment variables or long command lines to the child. And while it supports running the child as another user, it does not support simple elevation. A true sudo for Windows that can pass all of that state information and start the child either elevated or as another user (or both) is included with Hamilton C shell.
There exist several frontends to sudo for use in a GUI environment, notably gksudo, and user interfaces not directly built on sudo but providing similar temporary privilege elevation for administrative purposes, such as User Account Control in Microsoft Windows and Mac OS X Authorization Services.