Questions tagged [sudo]

`sudo` is a command that allows a user to use commands with the privileges of another user, usually the root user.

sudo is a command that allows a user to use commands with the privileges of another user, usually the root user.

The difference with su is that su allows a user to become another user, and remain that user until they log out. sudo, by contrast, allows a user to execute one commend with another users privileges.

To use sudo, a user needs to enter their password, to once again verify that they are who they claim to be. Note that it is the user's own password, not the root password, that is required to use sudo.

On some systems, like Ubuntu, the root user is disabled by default, to prevent people from gaining root access by guessing the password. A user with the appropriate sudo privileges can then perform commands with root privileges by prefixing their command with sudo.

78 questions

vote

0 answers

Why does sudo remove environment variables by default?

The sudo command has the -E option that allows users to pass through all environment variables, although it's still subject to the security policy configuration. So, is the use of -E inherently unsafe? Can someone offer a specific example of how…

linux sudo

asked Oct 18 '20 at 06:16

sa___

vote

1 answer

Properly granting restrictive administrative privileges to developers on a production server

I am a business owner with a strong technical background, say a programmer, though not an advanced system administrator. I've bought a VPS server where I want to host several applications and webpages. One of the apps consists of a back end, admin…

linux account-security permissions sudo

asked Jun 12 '20 at 13:38

artteq

vote

1 answer

Rate my idea: NodeJS as root behind Apache as a proxy with password

I'm the admin of a small Linux server owned by a relative of mine. He's fairly tech savvy, but more at a level of a power user than an expert. I want to make a handy visual tool for him that would allow to do some simple server tasks: add/remove…

web-application sudo

asked Mar 10 '20 at 22:23

Vilx-

vote

1 answer

Using a pen drive + secure certificate instead of sudo passwords

Is this recommended and/or possible? I just don't like the idea of anyone beside me being able to see when I type my password.

sudo hardware-token

asked Feb 28 '20 at 13:43

Adrian Lopez

vote

1 answer

Why not use sudo instead of setuid/setgid?

If it is an insecure practise to use setuid/setgid binaries, why do distributions, OSes force it? The big question: what prevents using sudo instead of the setuid/setgid binaries? "ping" would be enough for root, no? If a user wants it, give it…

privilege-escalation sudo

asked Dec 23 '19 at 12:34

HolcombSimons

vote

2 answers

sudo whitelist just program perl

In visudo Ubuntu I whitelist this program myuser ALL=(root) NOPASSWD:/myuser/program.pl when I run sudo /myuser/program.pl I get prompt to set password. The solution is to add to visudo /usr/bin/perl myuser ALL=(root)…

web-application linux web-service privilege-escalation sudo

asked Oct 22 '19 at 11:01

The nothing

vote

0 answers

Preventing Linux brute force concurrent su/sudo attempts

Its well known that popular Linux distros use the PAM default to slightly delay incorrect login attempts, thus mitigating brute-force attacks against a user account (for example, running su repeatedly with different password input). The PAM delay is…

brute-force threat-mitigation sudo pam

asked Jul 09 '19 at 00:05

tasket

vote

1 answer

sudo restrictions circumvention with pkexec: root shell

I had corrupted my sudo setup. With no possibility to login as root (locked root account, broken sudo), a search made it clear: use pkexec. It worked. So far, so good. But that turns out to be a big security hole: a user that is part of the 'sudo'…

account-security privilege-escalation sudo

asked May 21 '19 at 08:57

JeliJami

vote

1 answer

Using SUID program to avoid having entries in sudoers

Well, I've done a lot of reading and documentation around possible exploitation of sudoers files and SUID programs, but don't have a deep enough knowledge to pick up the wisest possible solution for my problem. We're currently developping a…

linux permissions privilege-escalation root sudo

asked Mar 15 '19 at 10:12

programmersn

vote

1 answer

Does it make sense to check command integrity after running it as root?

The other day Dave was hurrying for his project at night. He wanted to install homebrew on his Mac. He typed "homebrew" in Safari search bar, pressed return, and clicked into the first link. He copied the command on the webpage, pasted it into the…

sudo root terminal

asked Nov 17 '18 at 11:53

tonychow0929

2,247
3
13
14

vote

1 answer

What can an attacker do in this scenario? (unwritable bashrc, profile, etc.)

Scenario: Typical Linux desktop setup: unprivileged user but with sudo capabilities to do basically everything For the sake of argument let's forget about X11 and its way to allow trivial keyloggers, so let's say the distro is using Wayland or…

linux attack-vector bash code-execution sudo

asked Jun 17 '18 at 11:32

reed

15,398
6
43
64

vote

1 answer

What is a safe way to exit a user's shell?

If I change to a potentially compromised user in Unix, for example by using su or sudo -i, then exit with exit, the compromised user could alias exit to something which drops me into a fake shell which has a keylogger. For example, I might: su to…

linux privilege-escalation sudo

asked Nov 03 '17 at 18:12

markasoftware

vote

2 answers

Why is there no option for separate sudo password?

This has bugged me for some years now. I had a small webserver and I used ssh to log in remotely. I noticed that from the very first day there were brute force attacks to my ssh. This made me think about security and I realised that if a system has…

sudo

asked Jun 06 '17 at 14:03

tst

vote

2 answers

Does a basic sudo-less Linux user or a sudo user but with a password for sudo offer enough security against webpages exploits?

Question: I would like to know if it is good protection to browse the net using a non sudo, basic user account, on my Linux distro against webpage exploits such as scripts and other cross-platform threats based on HTML, Java, JavaScript, PDF, Perl,…

exploit javascript sudo

asked May 04 '17 at 07:34

MFJC

vote

4 answers

Is there a criteria for allowing or disallowing the execution of bash scripts as root with sudo?

What criteria could I take in order to to allow or disallow the execution of bash scripts with sudo as root? I know I should analyze the script but I have not enough time and I trust my developers. My criteria today is to request the script user…

bash sudo

asked Sep 07 '16 at 14:34

Eloy Roldán Paredes

1,507
12
25

Prev 1 2 3

5 6 Next