|Developer(s)||Todd C. Miller|
sudo 1.8.17 / June 18, 2016
sudo (// or //) is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user, by default the superuser. It originally stood for "superuser do" as the older versions of sudo were designed to run commands only as the superuser. However, the later versions added support for running commands not only as the superuser but also as other (restricted) users, and thus it is also commonly expanded as "substitute user do". Although the latter case reflects its current functionality more accurately, sudo is still often called "superuser do" since it is so often used for administrative tasks.
Unlike the related command su, users must, by default, supply their own password for authentication, rather than the password of the target user. After authentication, and if the configuration file, which is typically located at /etc/sudoers, permits the user access, the system invokes the requested command. The configuration file offers detailed access permissions, including enabling commands only from the invoking terminal; requiring a password per user or group; requiring re-entry of a password every time or never requiring a password at all for a particular command line. It can also be configured to permit passing arguments or multiple commands.
Robert Coggeshall and Cliff Spencer wrote the original subsystem around 1980 at the Department of Computer Science at SUNY/Buffalo. As of 2007[update] the current version is under active development, maintained by OpenBSD developer Todd C. Miller and distributed under a ISC-style license.
In November 2009 Thomas Claburn, in response to concerns that Microsoft had patented sudo, characterized such suspicions as overblown. The claims were narrowly framed to a particular GUI, rather than to the sudo concept.
Unlike the command su, users supply their personal password to sudo if necessary. After authentication, and if the configuration file permits the user access, the system invokes the requested command. By default the user's password can be retained through a grace period (15 minutes per pseudo terminal), allowing the user to execute several successive commands as the requested user without having to provide a password again.
sudo may be configured to log each command run. When a user attempts to invoke sudo without being listed in the configuration file, an exception indication is presented to the user indicating that the attempt has been recorded. The root user will be alerted via mail and an entry is recorded in the system log.
The file /etc/sudoers may contain a list of users to execute a subset of commands while having the privileges of the root user or other specified user. The program may be configured to require a password or none at all.
In some system distributions, sudo has largely supplanted the default use of a distinct superuser login for administrative tasks, most notably in some Linux distributions as well as Apple's Mac OS X.
Tools and similar programs
The program runas provides similar functionality in Microsoft Windows, but it cannot pass current directories, environment variables or long command lines to the child. And while it supports running the child as another user, it does not support simple elevation. A true su and sudo for Windows that can pass all of that state information and start the child either elevated or as another user (or both) is included with Hamilton C shell.
Graphical user interfaces exist for sudo, notably kdesudo, and gksudo. Other user interfaces are not directly built on sudo, but provide similar temporary privilege elevation for administrative purposes, such as User Account Control in Microsoft Windows and Mac OS X Authorization Services.
- Todd C. Miller (2011-06-17). "Sudo License". Sudo.ws. Retrieved 2011-11-17.
- Miller, Todd C. "Troubleshooting tips and FAQ for Sudo". Retrieved 2009-11-20.
- "How do YOU pronounce "sudo"?". Ars Technica.
- Cohen, Noam (May 26, 2008). "This Is Funny Only if You Know Unix". The New York Times. Retrieved April 9, 2012.
- Haeder, A.; Schneiter, S. A..; Pessanha, B. G.; Stanger, J. LPI Linux Certification in a Nutshell. O'Reilly Media, 2010. p. 409. ISBN 978-0596804879.
- Miller, Todd C. "A Brief History of Sudo". Retrieved 2007-03-05.
- Lilly, Paul. "Microsoft has Patented "sudo." Yes, the Command". Retrieved 2009-11-13.
- Thomas, Claburn (2009-11-16). "Does New Microsoft Patent Infringe On Unix Program Sudo? Some in the open source community suspicious of Microsoft's intent". Dark Reading. Retrieved 2010-11-29.
A patent granted to Microsoft (NSDQ: MSFT) has stirred up worry that world's largest software company wants to claim Unix's "sudo" as its own. [...] In short, suspicions about this patent are overblown.
- Eaton, Nick (November 12, 2009). "Did Microsoft just sneakily patent an open-source tool?". seattlepi.com. Retrieved April 24, 2011.
- "Manpage for sudo". Retrieved 2007-11-04.
- "RootSudo". Community Ubuntu Documentation. Help.ubuntu.com. 2011-11-08. Retrieved 2011-11-17.
- "Top Ten Mac OS X Tips for Unix Geeks". MacDevCenter.com. Retrieved 2011-11-17.
- "SELinux Lockdown Part Five: SELinux RBAC". Retrieved 2012-11-17.
- "su". Hamilton Laboratories. Retrieved August 17, 2015.
- "Predefined aliases: sudo". Hamilton Laboratories. Retrieved August 17, 2015.
- "Introduction to Authorization Services Programming Guide". Developer.apple.com. Retrieved 2011-11-17.