This is the talk page for discussing improvements to the Sudo article.
WikiProject Computer Security / Computing (Rated B-class, Low-importance)
WikiProject Computing / Software / FOSS (Rated B-class, Low-importance)
Permissions
If a sudoer creates a file, what are the permissions on the file? Who is the owner, which mask? And eventually under which environment are the commands invoked? (setenv) These are questions I would like answered. — Preceding unsigned comment added by 220.127.116.11 (talk) 01:10, 10 October 2013 (UTC)
man page?
Is this just adapted from the man page? :/ Nile 16:01, 2004 Oct 15 (UTC)
Microsoft Patent Dispute
Is this a joke? How is Microsoft so arrogant to claim this and I hope no one is stupid enough to accept it.
- Isn't this part of the long list of undisclosed "patent violations" Microsoft keep shouting about? John.n-irl 08:38, 8 July 2007 (UTC)
- haha, this is a joke. The article cited does not mention it. I'm removing it.--Ktdreyer 19:22, 31 July 2007 (UTC)
Patent 6,775,781 is a patent on UAC, not sudo. It's entirely irrelevant to sudo, and it's probably merely a defensive move by Microsoft anyway.
License?
The page says sudo is under a BSD-style license, but http://www.sudo.ws/ clearly states it's under an ISC-style license. —The preceding unsigned comment was added by 18.104.22.168 (talk • contribs).
- ISC is modified BSD. NicM 10:29, 26 February 2007 (UTC).
Examples
Some examples would be really great. An example could be: sudo ifconfig,...
The XKCD comic (link given above) is a very popular one, which is googled up quite often. It would be great to include a link and description, for the text "Sudo make me a sandwich" —Preceding unsigned comment added by 22.214.171.124 (talk) 06:01, 30 December 2007 (UTC)
Is it "substitute user do" or "superuser do"?
http://www.sudo.ws/ says it's "superuser do". Most other references I have seen say it's "substitute user do", but this may be historical revisionism, so to say. Both expansions of sudo are apparently widely used, so perhaps the article should just explain this? —Tobias Bergemann 16:01, 14 February 2006 (UTC)
- Todd does NOT know what he's talking about. Granted, he should - but he does not. sudo is based on su where it's substitute user all the way. Further: sudo, like su, only infers root by default: any other user account can be specified. Superuser do is therefore in all respects INCORRECT. —The preceding unsigned comment was added by 126.96.36.199 (talk)
- Todd should know what he's talking about, so I'll trust superuser do. Janizary 21:32, 23 February 2006 (UTC)
- This is an utterance of the ignorant. There is no research to back this random statement up; there is no history of skills on the platform; there are no references whatsoever. If Wiki is to progress beyond this power trip thinking that's currently debilitating things the 'nannies' are going to have to refocus on facts rather than personal prestige. —The preceding unsigned comment was added by 188.8.131.52 (talk)
- Unfortunately in this case, Todd doesn't know what he's talking about. It's one of the most incorrectly used terms in UNIX. The original command is "su" which stands for "substitute user." People call it "super user" because you generally use the "su" command to obtain root privileges. However the "su" command is literally used to substitute users, and it doesn't have to be root. Commonly developers "su" to application accounts and so forth. Sudo is a play on the "su" command by appending the verb "do." Seeing that sudo allows you to perform commands as other users, including non-root users, by definition it's "substitute user do." In my opinion the term "super user" is a poor adjective for the real term "root user." The original intent was clear enough without using another adjective to describe it, which changes the definition. Dhanks 03:43, 19 August 2006 (UTC)
- Yes. Obviously. —The preceding unsigned comment was added by 184.108.40.206 (talk)
- Is there some reference that states that sudo's name is tied to su? User:pottmi 08:23, 17 September 2006 (UTC)
- Yes. Brain power. —The preceding unsigned comment was added by 220.127.116.11 (talk)
- Here is the complete and exact text from Todd Miller to me July 25, 2006: 'The correct pronunciation is sue due / soo doo for "superuser do".' User:pottmi 08:23, 17 September 2006 (UTC)
- It doesn't matter what TODD C MILLER says. It's WRONG. It doesn't even make SENSE. sudo substitutes users - PERIOD. You can run any command as any other user - period. If you have a user on your system 'Arne', does su then stand for 'Arne user'? Stick to FACTS. —The preceding unsigned comment was added by 18.104.22.168 (talk)
A recent edit removed the "substitute user do" again with the comment "The person who makes something names it, Todd C Miller has said it is superuser do and thus sudo is superuser do." While I agree with this comment I would like to at least add a note to the article to mention that there are sources that claim sudo stands for "substitute user do". I fear that without such a note the article would be changed again back by the next editor who was taught the "substitute user do" expansion at school. — Tobias Bergemann 09:47, 5 March 2007 (UTC)
- Then that recent edit is vandalism. Really - stop this childish bickering. Next you'll have to call in ken, dmr, and bwk to slap you around a bit. —The preceding unsigned comment was added by 22.214.171.124 (talk)
- Todd C Miller didn't create sudo, it says so there right there in the article. However, is there any reason the program's official website shouldn't be considered canonical on this? Unless there is a citable quote from the original authors, in which case both should be mentioned. NicM 10:51, 5 March 2007 (UTC).
- 'The person who makes something names it, Todd C Miller has said it is superuser do'. But Miller did not 'make' sudo - he's just breast feeding it today. If Miller were right about everything then everyone else would have to be wrong period - and what's worse: you'd have to CHANGE the syntax (and the code Ms Miller maintains) to no longer allow sudo to 'substitute' for another user as it has always been designed to do.
- This type of misconception is normally taken care of in Comp Sci 101 where students invariably guess su and the su in sudo stand for 'superuser'. But that account is normally known as root and any teacher will correct the students if they're wrong.
- It's like someone saying the sky is mauve rather than blue and having to contend with that kind of nonsense. If Ms Miller must be right about everything, then the creators of su, and of sudo, and the doyens of Unix from CSRC such as bwk, ken, dmr, aho, doug, and the rest must be all wrong. How logical is that?
- It's time to let people who actually work with this technology - and are not neophytes at it - have a say in how these important things are presented to the world at Wiki. Being ambitious and wanting to contribute to articles despite an embarrassing lack of experience in the field is simply - the word would have to be either 'arrogant', 'childish', 'immature', or all of the three.
- —The preceding unsigned comment was added by 126.96.36.199 (talk)
- The website for sudo clearly says it is "superuser do" and so far nobody has provided a useful cite showing the original authors intended otherwise. At best, "substitute user do" could be presented in the article as an occasional alternative. Program names frequently drift from being absolutely appropriate as requirements change or features are added and removed, just because it doesn't seem to make sense now doesn't mean it never did (not that it doesn't make sense now: although sudo can be used to change to any user, it is most commonly used for root privileges, and, yes, root on Unix is referred to as the superuser account). Claiming that everyone who disagrees with you is ignorant and childish is not only wrong, but actually is both childish and arrogant. Not to mention believing this is an important thing. NicM 10:55, 20 March 2007 (UTC).
- —The preceding unsigned comment was added by 188.8.131.52 (talk)
- History is key to understanding this. Sudo originally only supported running commands as root, hence "superuser do". The ability to run commands as other, non-root, users was inspired by other programs, such as runas (which I hacked on a bit when I interned at UUNET in the early 90's). Specifically, the -u flag first appeared in Sudo version 1.4.3. The checkin date for that feature was April 28, 1996. Now, that said, I don't really have an objection to updating the description--sudo has been able to run as different users for over a decade now so "substitute user" is really more accurate. I'll update the Sudo web page to reflect this which, hopefully, will put this issue to rest. Sudoer 01:20, 15 May 2007 (UTC)
- To resolve the matter I sent an email to Bob Coggeshall, who is cited as one of the two original creators of sudo. Here is his reply:
from Bob Coggeshall <firstname.lastname@example.org>
date 18 November 2008 17:13
subject Re: The meaning of "sudo"
It had no official mnemonic->word translation at inception. We were only looking for a short mnemonic and 'su' plus the word 'do' fit the bill.
I think the earliest man pages wrote the synopsis as "do super thing", but that was made up by a subsequent developer.
- Let's end this debate.
I wrote an email to Todd Miller:
- Where did the name 'sudo' originate, and does it have a particular
- correct or proper expansion? Was its name based on that of su?
And he responded:
- Older versions of sudo were only capable of running commands as root, so at the University of Colorado (where this version of sudo originated) we thought of sudo as "super user do". Starting with version 1.4.3, sudo added support for running commands as users other than root. This made it more like su (switch user) and at that point it was no longer accurate to call it "super user do". Up until recently, the sudo web site still said "super user do" in the description but I've since changed that to say "su do".
Since it is used both ways—including by the current maintainer and the original developers, as Hypocryptickal's email showed—, perhaps the entry should reflect that. Wikipedia is descriptive, not prescriptive; whether or not it should be "substitute user, do", we should reflect that both have been and currently are used. Perhaps the current introductory sentence,
Should reflect both usages, becoming
- The sudo (substitute user do or super user do, //, though /ˈsuːdoʊ/ is also common) command is a program
And finally end this debate, letting exhausted Wikipedians rest. The above statement reflects fact, not intent.
I always thought that it was pronounced sue-doe, as in pseudo. It always made sense to me as a pun on su. But that's me and you can't legitimately cite yourself. —Preceding unsigned comment added by 184.108.40.206 (talk) 17:48, 11 February 2008 (UTC)
- http://www.sudo.ws/ now explains the name simply as "su do," allowing the reader to disambiguate for him- or herself. As there is an existing Su (Unix) article explaining the ambiguity, it should suffice for this article simply to reflect the reference to the ambiguously-named command. Clayton Hynfield (talk) 14:26, 30 April 2009 (UTC)
safety with sudo
Mentioning visudo as a safe way to edit /etc/sudoers would be a good idea. If you use another text editor and make a typo, you could corrupt the sudoers file, preventing sudo access for everyone! Perhaps calling this out a bit more could save some problems. Pockeyman 00:50, 21 July 2006 (UTC)
- You might also point out that KF and LMH of the MOAB highlighted a few more rabbit holes with sudo: namely never invoke sudo against something you can't control. Running a world writable script or for that matter running anything world writable with sudo is asking for trouble. For obvious reasons.
- sudo is a convenience and as always with conveniences it's a question of balancing against security as TCM often has pointed out. sudo can get you pwned. Use of sudo must therefore be discreet. —The preceding unsigned comment was added by 220.127.116.11 (talk)
Also I feel that a note about command side effects should be mentioned. For instance, it might be good to give a reminder that vi or emacs have shell escape modes. So by giving sudo access to these programs, the users have shell with root privs! Pockeyman 00:50, 21 July 2006 (UTC)
- Definitely. Running vi or emacs with sudo is nonsense anyway. You run them with copies of your sensitive files and then use sudo if you need to copy/move your files back into place. Obviously. Shell escapes coupled with privilege escalation is downright foolish. —The preceding unsigned comment was added by 18.104.22.168 (talk)
Advantages, problems
I'm fairly happy with changes I've just done, but there really needs to be an "Advantages" section highlighting *why* sudo is used, and its advantages over direct root logins or su-ing. The disadvantages/problems are in the article, but just not clearly enough identified as such, imho. --Snori 09:10, 5 August 2006 (UTC)
Added alternative pronunciation
Typically people (I do) prnounce as initially described (as in sudoku), but I have heard others pronounce the, possibly more correct term using 'do' as in 'doop' and not as in 'dough', as the 'do' is literally the word, 'do'. So I added that to the article. Reikon 20:39, 6 October 2006 (UTC)
(Insert in prnounce.)
- Why "doop", rather than "doom" which is an actual English word? All the meanings of doop given on the wiki page seem pretty obscure, so why would you expect people to know how it is pronounced? --Jwwalker 22:40, 16 October 2006 (UTC)
- I have, and will continue to pronounce it 'soo-dough' since this sounds like 'pseudo' the English prefix for disguise/pretence (i.e. pretending to be a different user) Stu Hacking talk 21:53, 19 May 2008 (UTC)
Location of command
I think the default location of the command should also be listed. --Darth Borehd 05:04, 30 October 2006 (UTC)
By default, it's installed into /usr/bin. IlliterateSage 08:45, 3 November 2006 (UTC)
It's NOT Super-User Do
Enough of this nonsense. And no, it doesn't matter what Ms Miller says. Let us quote from the manpage for sudo - which presumably Miller also maintains.
sudo - execute a command as another user
sudo -V | -h | -l | -L | -v | -k | -K | -s | [ -H ] [-P ] [-S ] [ -b ] | [ -p prompt ] [ -c class|- ] [ -a auth_type ] [ -u username|#uid ] command
As is clearly seen, sudo can be used to execute commands as ANY user. root being default changes nothing.
Enough of this nonsense. As you expressly get to decide on which account you execute your commands, as the title of the page says expressly 'execute a command as ANOTHER user', the debate should fairly be closed.
- cat(1) says:
cat - concatenate and print files
- So cat should quite clearly be called catprint. I'm not even going to start on why anyone would possibly think it was sensible to call editors "vi" and "emacs." NicM 11:00, 20 March 2007 (UTC).
Lots of UNIX programs have weird, inappropriate names. This is partly because their authors really enjoy jokes (UNIX itself being a homonym for eunuchs). It's also because keyboard keys used to actually require a fair amount of force to depress, as they actually had to generate some current from the force of the keystroke. Because of this, lots of commands have very succinct names like ed for editor, or vi for visual mode in ex. I bet typing the word "concatenate" more than once a day would be quite the pain in the wrists, so they called it cat. But who cares? What's in a name? I imagine the name sudo does mean "substitute user do", if it means anything, as su stands for "substitute user" and not "super user". Remember that su lets you assume the shell of any user, not just root. (By the way, I don't think people should say things like "enough of this nonsense" to their fellow Wikipedians. That's rude and it's not productive. Instead, do some homework and try to help your fellow man learn.) Justin Force 19:34, 15 June 2007 (UTC)
- Imagining is all good and well, but we need a cite. I think the whole issue is fairly clear when you consider http://www.google.co.uk/search?q=%22superuser+do%22 (13000 results) vs http://www.google.co.uk/search?q=%22substitute+user+do%22 (650 results). The latter is a later change by a few people who think it makes more sense as the abilities of sudo have drifted. NicM (talk) 20:03, 11 January 2008 (UTC).
I don't think that's clear at all, since almost nobody who understands where sudo came from needs to spell it out. The etymology has little to do with its later abilities: it is because the name came from su. Which stands for substitute user. 03:55, 12 January 2008 (UTC) —Preceding unsigned comment added by 22.214.171.124 (talk)
- Please supply a cite showing that sudo is named after su and not after superuser. NicM (talk) 16:12, 12 January 2008 (UTC).
- Here's an alternative citation - a pretty good one. The original source for sudo states "do as superuser". It does not use the word switch or substitute: https://groups.google.com/forum/#!searchin/net.sources/sudo/net.sources/rdwIP38fbCo/1L3R9K9zbEYJ Philipwhiuk (talk) 15:21, 28 January 2016 (UTC)
Official versions of history for eunuchs are often inaccurate. This is because lusers often have different man pages than network users. — Preceding unsigned comment added by 2607:FCC8:A552:8200:D869:D7C:2ADF:ED98 (talk) 21:44, 2 March 2018 (UTC)
Mac OS X sudo frontend
Does Mac OS X's graphical frontend to sudo have a name? IlliterateSage 08:43, 3 November 2006 (UTC)
- Apple use their own 'authorization services' which naturally - out of safety considerations - have nothing to do with sudo. sudo runs from its own configuration files and Apple's privilege escalation trampoline runs its own way. They have no connection whatsoever.
Should sudowin have its own article?
Password required
It's worth noticing that sudo does not exist to avoid using the root password. This is common usage in the new Mac/Ubuntu approach but in fact by default it requires the root password, and this is how it is used in most Linux distributions e.g. openSUSE. I have updated the main page accordingly and this is referenced back to the manpage. —Preceding unsigned comment added by 126.96.36.199 (talk) 12:15, 4 November 2007 (UTC)
- This was not exactly true, how it was worded. I have changed the wording. The issue that is confusing is this: if you run the sudo command, it will prompt for your "USER" password, then allow you to run a command with "ROOT" authority. By default, it does not require the root password. --Unixguy 17:15, 5 November 2007 (UTC)
Yeah, the entire point of sudo is totally to avoid giving out the root password, and to allow the admins to have a say in who gets to run stuff as root. Always has been. su does need the password of the user you are changing to, unless you are root. Note that this means you have full root access with "sudo su -" which asks you for your password, and not root's (because the su command is run as root, and thus needs no password). 188.8.131.52 (talk) 16:49, 8 July 2019 (UTC)
Password
"A user must confirm his identity to sudo by supplying his password before running the target program" This is false, since sudo has the NOPASSWD option. No mention of this option is included in this article. I'll make a change, if no one objects. Llamabr (talk) 03:48, 8 January 2008 (UTC)
it is substitute user do
because "sudo -u adam command" would run command as adam, therefore it is substitute user do. also the su command stands for substitute user. —Preceding unsigned comment added by 184.108.40.206 (talk) 00:23, 18 August 2008 (UTC)
- It is not. The original source mentions 'do as superuser' not 'substitute a user': https://groups.google.com/forum/#!searchin/net.sources/sudo/net.sources/rdwIP38fbCo/1L3R9K9zbEYJ 220.127.116.11 (talk) 10:50, 6 January 2016 (UTC)
In Popular Culture
Removed the whole section since it only had the one sentence and the image it referred to was deleted. I thought about putting in an external link, but it really didn't seem worth it. Still, it's there if someone wants to put it back in. Cosmo0 (talk) 23:03, 7 May 2010 (UTC)
Re: "SUper-user DO" edit.
Pardon the temerity guys, but that was a very helpful way to think of sudo for me, which is why I inserted it into the intro parenthetical.
Sudo Fun
The article 'Sudo Fun' in the external links section doesn't appear to be a guide to sudo as described, but a description of some of the security issues with sudo on Mac OS X. I think it isn't exactly relevant to this article. Tweisbach (talk) 01:46, 1 October 2010 (UTC)
Example with 'sudo emacs' is bad.
For security reasons, never grant a user sudo privileges for any tool that is capable of opening, editing and saving config files (like vim, emacs, etc.) unless you also grant this user full root access (via 'sudo -i').
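Added example (not part of the discussion, and not code from the sudo project): a simplified check over sudoers rules for the three risks raised on this page, namely editors with shell escapes granted through sudo, command targets that any user can overwrite, and the NOPASSWD option. The sample rules, user names and paths are constructed, and the editor list is an assumption limited to the programs named in the comments above.

```python
import os
import re
import stat

# Editors named in the discussion; each can spawn a shell or write any file.
# Assumption for this example: a short list, not a complete catalogue.
ESCAPE_CAPABLE = {"vi", "vim", "emacs"}

# Constructed sample rules; users and paths are invented for illustration.
SAMPLE = """\
Defaults env_reset
alice  ALL = (root) /usr/bin/vim /etc/httpd/conf/httpd.conf
bob    ALL = (root) NOPASSWD: /usr/local/bin/backup.sh, /usr/bin/emacs
carol  ALL = (ALL) ALL
dave   ALL = sudoedit /etc/hosts
"""

SPEC = re.compile(r"^(?P<who>\S+)\s+[^\s=]+\s*=\s*(?P<rest>.+)$")
SKIP = re.compile(r"^(#|Defaults|(User|Runas|Host|Cmnd)_Alias\b)")
TAG = re.compile(r"^([A-Z_]+):\s*")

def parse_rules(text):
    """Yield (lineno, who, nopasswd, command) for one-line user specifications.
    Simplified: aliases are not expanded and continuation lines are not joined."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        match = None if SKIP.match(line) else SPEC.match(line)
        if not match:
            continue
        nopasswd = False  # a tag carries over to later commands in the list
        rest = re.sub(r"\([^)]*\)", "", match.group("rest"))  # drop (runas)
        for cmd in (c.strip() for c in rest.split(",")):
            while (tag := TAG.match(cmd)):
                if tag.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = tag.group(1) == "NOPASSWD"
                cmd = cmd[tag.end():]
            if cmd:
                yield lineno, match.group("who"), nopasswd, cmd.split()[0]

def world_writable(path):
    """True if any local user can modify the file or replace it in its directory."""
    for target in (path, os.path.dirname(path)):
        try:
            mode = os.stat(target).st_mode
        except OSError:
            continue  # missing path: nothing to check here
        sticky_dir = stat.S_ISDIR(mode) and bool(mode & stat.S_ISVTX)
        if mode & stat.S_IWOTH and not sticky_dir:
            return True
    return False

def audit(text, is_world_writable=world_writable):
    """Return (lineno, who, issue, command) findings for the sudoers text."""
    findings = []
    for lineno, who, nopasswd, cmd in parse_rules(text):
        if nopasswd:
            findings.append((lineno, who, "nopasswd", cmd))
        if cmd == "ALL":
            continue  # full access is its own decision; nothing narrower to check
        if os.path.basename(cmd) in ESCAPE_CAPABLE:
            findings.append((lineno, who, "shell-escape", cmd))
        if cmd.startswith("/") and is_world_writable(cmd):
            findings.append((lineno, who, "world-writable", cmd))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Where a user only needs to change one file as root, sudo's `sudoedit` (the `dave` rule in the sample) runs the editor as the invoking user on a temporary copy, so the editor itself never holds root privileges.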
1985 source code of sudo
The 1985 posting of the source code of sudo to the usenet group net.sources is available in the archive of such groups at archive.org: https://archive.org/download/usenet-net/net.sources.mbox.zip The message ID in question is: 2622@sunybcs.UUCP. It did not contain any version of the "sudo lecture". JesseW, the juggling janitor 07:48, 15 June 2015 (UTC)
Configuration
The file /etc/sudoers may contain a list of users to execute a subset of commands while having the privileges of the root user or other specified user.
The middle portion of that sentence seems poorly worded and should probably be re-written.
Perhaps something as follows?
"The file /etc/sudoers may contain a list of users authorized to execute a subset of commands as if they had the privileges of the root user or other specified user. "
But "may contain" is still ambiguous. Is that "may" meaning might / possibly will? Or "may" meaning is allowed to?
Implications
Would it be worthwhile to mention here that some Linux distributions, such as Ubuntu in its many forms, are set up so that all system administration is done via sudo, with no root password set by default, and your first user is automatically a member of wheel? Other distros, such as Fedora (the one I use) require you to set a root password before the system is installed. Again, your first regular user is in wheel by default, but that's an option that you can unselect if you prefer. I'd just add it, but I'm not completely sure it's needed. Thoughts? JDZeff (talk) 00:15, 23 February 2018 (UTC)