sudo
| sudo
|
|
|---|---|
|
|
|
|
| Basic data
|
|
| developer | Todd C. Miller |
| Current version | 1.8.30 (December 31, 2019) |
| operating system | GNU / Linux / Unix , macOS , BSD etc. a. |
| programming language | C. |
| category | Access control |
| License | ISC license |
| German speaking | Yes |
| sudo.ws | |
sudo ( [ˈsuːduː] , acronym for su “do” ) is a command under Unix and Unix -like operating systems such as Linux or macOS , which is used to start processes with the rights of another user (e.g. the superuser root ). In contrast to the su , which does not belong to sudo, it is possible to set which commands can be executed. The permanent change of identity is also possible through sudo -sand sudo -i.
history
The first version was created around 1980 at the State University of New York at Buffalo , because it was recognized that many students needed commands that should only be used by administrators, but which did not pose a threat to the existing system. Bob Coggeshall and Cliff Spencer implemented the command on a VAX -11/750 under 4.1BSD . The original sudo command was developed for AT&T Unix System V in 1983/84 . In 1991 Dave Hieb and Jeff Nieusma wrote a new version for the company "The Root Group". This version was later released under the GNU General Public License . Todd Miller's "CU sudo", which first appeared in 1994, was based on this. In 1999 the prefix “CU”, which had previously served to differentiate it from the “Root Group” version, was deleted. From version 1.6 the original code of this version is no longer contained in the former CU sudo, which is available under a BSD license .
configuration
The file /etc/sudoersspecifies which users or groups are allowed to run certain programs with which rights. A simple variant is e.g. B .:
%admin ALL = (root) NOPASSWD: ALL
This means that the members of the group admincan execute all commands with root rights without entering their personal password. Only certain commands can be released for the user, as in the following example user1:
user1 ALL = (root) /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade
Editing of the sudoersshould only be allowed to the superuser for security reasons.
alternative
Due to the function-related way of working to control the execution of programs, a careless extension of rights is possible via sudo. Advanced techniques such as assigning individual rights to users include role-based access control and mandatory access control .
Windows
There are implementations for Windows such as sudowin and SuRun, which partially emulate the sudo mechanism.
The runas command under Windows 2000 or higher allows programs to be started with the rights of another account if the password is known. runasdoes not correspond to sudo, but to the Unix command su .
The mechanism of the user account control under Microsoft Windows Vista and later cannot be equated with sudo either, since it switches between the two identities of the "Protected Administrator" (PA).
Web links
- Official website
- Sudo (ers) instructions for Gentoo Linux
- sudo scripts from the Free Software Foundation
Individual evidence
- ^ The sudo Open Source Project on Open Hub: Languages Page . In: Open Hub . (accessed on December 16, 2018).
- ↑ sudo license. Retrieved August 16, 2013 .
- ↑ Interview with Robert Coggeshall. Retrieved May 28, 2014 .
- ↑ Sudo Main Page. Retrieved February 23, 2015 .
- ^ History of the development of sudo. Retrieved August 29, 2013 .
- ↑ Sudo for Windows. Retrieved December 19, 2012 .
- ↑ SuRun. Retrieved December 19, 2012 .