SUDO/SU Password Issue
Alexander Skwar
listen at alexander.skwar.name
Fri Aug 4 08:02:12 UTC 2006
Duncan Lithgow <duncan at lithgow-schmidt.dk>:
> On Fri, 2006-08-04 at 09:12 +0200, Alexander Skwar wrote:
>> Of course there IS a root user on Ubuntu. This user has no password
>> and the account is locked. It's also true, that the root account
>> isn't generally used.
> I don't understand, so there is a root account, but it's locked?
Yep.
> Does
> that mean that the sudo list allows people to run _as if_ they had the
> right of the root account?
Yep, that's exactly what sudo does.
[09:58:02 vz6tml at dewudb05:~] $ ls -la /opt/iexpress/sudo/bin/sudo
---s--x--x 2 root root 176128 2005-11-14 05:39 /opt/iexpress/sudo/bin/sudo
(That's from a HP system, but it doesn't matter)
As you can see, the permissions are set to 4111, or u=sx,go=x. The s
stands for "sticky" and means, that the program will be executed with
the rights of the *OWNER* of the file (in this case: root). Normally,
programs are executed with the rights of the person who executes the
program.
So, yes, if you do "sudo ls", ls is executed as if you first had logged
in with root. (More or less: Some env. vars aren't reset, some env.
vars are added.)
Does that explain it a bit better?
Alexander Skwar
--
Old robot: I choose to believe what I was programmed to believe.
More information about the ubuntu-users
mailing list