Questions tagged [sudo]

`sudo` is a command that allows a user to use commands with the privileges of another user, usually the root user.

sudo is a command that allows a user to use commands with the privileges of another user, usually the root user.

The difference with su is that su allows a user to become another user, and remain that user until they log out. sudo, by contrast, allows a user to execute one commend with another users privileges.

To use sudo, a user needs to enter their password, to once again verify that they are who they claim to be. Note that it is the user's own password, not the root password, that is required to use sudo.

On some systems, like Ubuntu, the root user is disabled by default, to prevent people from gaining root access by guessing the password. A user with the appropriate sudo privileges can then perform commands with root privileges by prefixing their command with sudo.

78 questions

110

votes

11 answers

Is `sudo` almost useless?

Once an attacker has a shell as your sudoer user (or just compromised a local process enough), he/she can use one of the many privilege escalation tool to even automatically put themselves for example as apt or some other processed called by root to…

privilege-escalation sudo

asked Jun 08 '20 at 07:28

Wernight

1,187
2
8
8

102

votes

13 answers

Why is root security enforced but $HOME typically unprotected?

Coming from the comments in this question Why is it bad to log in as root?: The sudo mechanics is in use so non-administrative tools "cannot harm your system." I agree that it would be pretty bad if some github project I cloned was able to inject…

linux permissions sudo root

asked Feb 26 '18 at 16:00

phil294

1,032
2
6
11

votes

6 answers

Is `curl {something} | sudo bash -` a reasonably safe installation method?

The most straightforward way to install NodeJS on Ubuntu or Debian seems to be Nodesource, whose installation instructions say to run: curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash - This clashes with some basic security rules I…

curl sudo install

asked Jul 12 '19 at 18:13

Krubo

votes

5 answers

SSH key auth, but still need password for sudo?

SSH with public-private key authentication comes enabled by default with most Linux distributions. This is great because when I create accounts for remote users I don't have to email them sensitive info(passwords). However, this process becomes…

passwords authentication ssh sudo

asked Nov 10 '14 at 22:21

Mxx

votes

5 answers

What are the potential vulnerabilities of allowing non-root users to run apt-get?

There are two ways I can think of doing this: On a system with sudo, by modifying /etc/sudoers. On a system without sudo (such as a Docker environment), by writing a program similar to the below and setting the setuid bit with chmod u+s. apt-get…

ubuntu permissions sudo

asked Jun 11 '20 at 23:30

kzl

votes

5 answers

Why should one use sudo?

Most modern Linux articles advice using sudo rather than logging into root. This advice is so ingrained, some distros don't automatically allow root login. Indeed they come pre-configured with sudo using the users password to run arbitrary commands…

linux unix sudo

asked Apr 04 '16 at 04:47

Charles Shiller

votes

6 answers

Why is it considered safe to install something as a non-root user in Linux environments?

We always hear it is safe to run unknown programs as non-root users in Linux because non-root users are sandboxed from the system level and can't change anything out of their permission scope. If need be, as root user one can always delete a…

linux keyloggers permissions sandbox sudo

asked Apr 29 '16 at 14:20

user1717828

2,392
13
19

votes

4 answers

Is it safe to allow www-data to execute privileged commands?

I have noticed several questions on Stack Overflow, like this one, about executing commands with root privileges using PHP. The answer proposed to add the line www-data ALL=(ALL) NOPASSWD: ALL to the /etc/sudoers.d file. Is it a safe approach to…

php vulnerability sudo

asked Feb 29 '16 at 19:13

UserK

votes

3 answers

Best practices for hardening sudo?

Every hardening guide I read recommends forbidding to login to root account and instead using sudo. I can understand this if you set a strict sudoers file which only enables the necessary commands for each group and user. But on every server I put…

hardening sudo

asked Aug 30 '16 at 13:59

MarcelBrouette

votes

4 answers

Is it safer to ssh as a privileged user than to ssh and sudo?

I came across this old paper, discussing the possibility of password length information being disclosed when usin SSH: Timing Analysis of Keystrokes and Timing Attacks on SSH. The paper has been discussed here before . This made me wonder: should…

passwords ssh sudo

asked Dec 01 '15 at 11:07

tarleb

1,200
9
22

votes

2 answers

Is it secure to mount Veracrypt without sudo password in this way

Does this way have any security issues other than what's mentioned in that post? For reference: Create a new group called say veracryptusers and give it the necessary permissions to use VeraCrypt without root password. Any user that belongs to that…

vulnerability privilege-escalation veracrypt sudo

asked Jan 28 '18 at 09:17

Guesting

votes

5 answers

How can one tell if a binary is safe to give sudo permissions for to an untrusted user?

sudo is sometimes used to give untrusted or "semi-trusted" users the ability to perform certain tasks as root, while not giving them unlimited root access. This is usually done via an entry into /etc/sudoers, specifying which programs can be…

linux privilege-escalation sudo

asked Nov 27 '19 at 14:47

user163495

votes

1 answer

Is disabling sudo password prompt a security risk?

I was reading the this question over on Ask Ubuntu and they suggest adding the following line to etc/sudoers so that you're not prompted to enter your password each time you run sudo %admin ALL=(ALL) NOPASSWD:ALL Is this a security risk and if so,…

passwords sudo

asked Jan 08 '16 at 19:26

jwerre

votes

2 answers

What does this sudo -l output mean and can this be priv. escalated?

I am trying to do priviledge escalation of a linux box. My sudo -l output shows the following : www-data@box:/scripts$ sudo -l sudo -l Matching Defaults entries for www-data on box: env_reset, mail_badpass, …

linux privilege-escalation sudo

asked Feb 08 '18 at 18:14

Sankalp Singha

votes

4 answers

Does the new Fedora package manager allow unauthorized installations?

I just upgraded to Fedora 22. The biggest change from the previous version is that the yum package manager is now replaced with dnf. One change I've noticed is that if you try to execute a command that comes from a common package which is not yet…

linux privilege-escalation sudo install

asked Jun 16 '15 at 01:01

Woodrow Barlow

2 3 4 5 6 Next