Ubuntu Sudo: How to Perform administrative tasks

Every computer needs a system administrator. This person is responsible for the initial configuration and maintenance of your equipment and your Ubuntu operating system: creating user accounts, installing programs, configuration of equipment, etc. The administrator is a person with a user account with additional privileges.

In Ubuntu, the fulfillment of privileged work (or administrative tasks) is done through a “filter” Powerful called sudo . Its principle is:

  • All administrative tasks can be executed only through the administration utility sudo. Executed appetizers sudo, the task is blocked;
  • When a user attempts to perform an administrative task through the filter sudo, the utility verifies that the user has the right to perform this task. Otherwise, it blocks the task.

Ubuntu Sudo: How to Perform administrative tasks

1. Prerequisites

To perform administrative tasks through the utility sudo, your user account must be promoted to the role of administrator (also called “super user”).

You have an administrator account when:

  • your user account is one that was created when installing Ubuntu. By default, this account is a privileged account, and this is the only privileged account;
  • or when an administrator has manually promoted your user account to the Administrator role.

Bring to the section “How to assign the administrator role to a user account?” to learn how to promote an existing user account to the Administrator role, or see “Add or remove privileges to a user account or a user group” to configure more precisely the privileges granted by the utility sudo.

2. Using Ubuntu Sudo

2.1. Running a graphical applications (Ubuntu, Xubuntu)

  1. The utility gksudo (or gksu ) is not installed by default in versions of Ubuntu Trusty 14.04 and beyond. Install the package gksu
  2. Press [Alt] + [F2] on your keyboard to open a program execution calls;
  3. Execute the following command to run the program of your choice through the utility gksudo or gksu :

    gksudo "program name"

    Enter the instruction as "gksudo" program name "" (eg "gksudo" update-manager "").

    Enter the instruction as "gksudo program name" (eg "gksudo xdg-open / etc / default / grub").

  4. Click on the result;
  5. A password entry dialog appears. Enter the password of your current user account.
    Enter your password.

If you have not entered a wrong password, your program loads in privileged mode. If an error in your password, repeat the above steps. Upon successful authentication, administrative tasks are released for a period of 15 minutes: your password will not be asked in the next 15 minutes to perform other administrative tasks.

2.2 Running a graphical applications (Kubuntu)

  1. Press [Alt] + [F2] on your keyboard to open a program execution calls;

  2. Execute the following command to run the program of your choice through the utility sudo :

    kdesudo "program name"

    Use quotation marks to enclose the name of your program, especially if it uses several arguments.
    Enter the instruction as "gksudo" program name "" (eg "kdesudo" kpackagekit "").

  3. A password entry dialog appears. Enter the password of your current user account.
    Enter your password.

If you have not entered a wrong password, your program loads in privileged mode. If an error in your password, repeat the above steps. Upon successful authentication, administrative tasks are released for a period of 15 minutes: your password will not be asked in the next 15 minutes to perform other administrative tasks.

2.3 Running a graphical applications as 14.04 and later

In a terminal , type the following command:

pkexec env DISPLAY = $ DISPLAY = $ XAUTHORITY XAUTHORITY "program name"

 

2.4 Run an application or a console command (all variants)

  1. Open a terminal window ;
    Open a terminal window in Ubuntu
  2. Execute the following command to execute a console command through the utility sudo , then press the [Enter] key on your keyboard:

    sudo <command>

    Enter your order without the brackets, even if your order contains multiple arguments.
    Enter the instruction as "sudo <command>" (eg "sudo apt-get update").

  3. A password entry dialog appears. Enter the password of your current user account. No character appears when you enter characters on your keyboard; this is normal. Although nothing appears on the screen, your password is considered.

If you have not entered a wrong password, your order will be executed immediately in privileged mode. If an error in your password, repeat the above steps. Upon successful authentication, administrative tasks are released for a period of 15 minutes: your password will not be asked in the next 15 minutes to perform other administrative tasks.

2.5 When should you use sudo / gksudo / kdesudo?

The rule is simple:

  • To run a program in fashion graphics , use gksudo (Ubuntu and Xubuntu) or kdesudo (Kubuntu)
  • To execute a command in console mode, use sudo .
Use the Best Practices!
At present, there are several times in this documentation or the forums where you see instructions to use sudo <command> to run many programs in graphic mode with administrative privileges. While this still works for many programs, you should make a habit of preferring gksudo or kdesudo. Used sudoto run applications in graphic mode can cause problems in your current user session, preventing you to continue your work.

3.0. How to assign the administrator role to a user account in Ubuntu?

Promote a user account to the administrator position in Ubuntu 10.04 LTS

Only administrators can perform administrative tasks through the utility sudo. To increase the privileges of a user account, you must yourself first be an administrator. To assign the Administrator role to another user account:

  • In Ubuntu and Xubuntu: using the user management module of the system control panel to change its privileges;
  • In Kubuntu: use the account management module for users of the KDE administration panel to change its privileges;
  • In console mode: Open a terminal and run the following command:

    sudo adduser &lt;username&gt; sudo

    which <username> must be replaced by the username of the user account (without the <tags>) to which additional privileges must be granted.

Note that changes privileges are not applied upon registration. They are applied only when all current sessions are closed to that rate. At the next logon for this account, the new privileges are taken into account.

Bring to the section “Add or remove privileges to a user account or a user group” to configure more precisely the privileges granted by the utilitysudo.

4.0 Go further

4.1 Advanced configuration of the sudo utility

sudocan be set finely to allow or deny the execution of privileged tasks. More than simply allow execution of all administrative tasks to a group of users by password authentication sudocan be configured to allow a particular user or a particular user group to perform one or more tasks specific, with or without password entry. Other parameters such as the waiting period before a re-authentication is needed, where is logged to the event log and the level of courtesy sudo, are also customizable.

  • Advanced configuration of / etc / sudoers

4.2 The benefits of sudo

The benefits of employment sudo, as opposed to the direct use of a single root account ( root), many are for use in a domestic environment or SME / SMI:

  • The Ubuntu installer has to ask fewer questions. This is particularly important for the new arrival, who may not be aware of the usefulness of the root account and its hazardous potential;
  • Administrators do not have to remember an extra password, they can easily forget, or compromise the security of the account rootby bad habits;
  • This prevents the behavior of “I can do everything on my machine” before performing an administrative action Ubuntu asks for your password, which should reflect the directors of the consequences of their action;
  • sudokeeps track of every command run. If a problem occurs, you can always check the newspaper to find the command that caused the problem;
  • All hackers trying to break through brute force your system know that there is an account called rootand try to hack it first. They do not know the identifiers of other users of your computer;
  • This allows fast transfer of administrative rights for both the long and for the short term, by simply adding or removing a user from the administrative group. All without compromising the security of your computing environment by sharing a single password for the account root ;
  • sudo can be configured with a more refined policy.

4.3 “Sudo” is not less secure than “su root”?

The basic security model is the same, and both models share the same weakness. Any user using su rootor sudoto perform administrative tasks must be considered as a privileged user. If the user’s account is compromised by an attacker, the latter can also obtain elevated privileges and compromise the operating system. Users with administrative rights must be protected with the same care as the root account.

On a more esoteric notes, note that sudoencourages change in working habits, which may cause a positive impact on the security of the operating system. sudois usually used to execute a single command, then that su rootis often used to run a terminal rootand run multiple commands. The approach sudoreduces the possibility that a terminal rootis left open indefinitely on the job and encourages the user to minimize its use of administrative privileges.

4.4 Observe the job log executed previously by “sudo”

All actions performed through the utility sudo– it to pass with success or failure – are logged. They are recorded in the log file / var / log / auth.log .

4.5 Open a terminal as root

Use sudoto execute a single command does not cause a real inconvenience, but it can be unpleasant to use it to run a long process requiring several interventions in super-user mode ( root). Opening a terminal mode rootavoids having to call sudoat each stage of this procedure, without having to enable access to the user account root. The disadvantage of this method is no record of the actions taken is not recorded in the logsudo(if the opening of the terminal rootitself). It is not advisable to open a terminal root.

To use a terminal root:

  1. Open a terminal window ;
  2. Enter the following command:

    @ Computer user: ~ $ sudo -i
  3. Enter your password in the password input prompt;
  4. Run your set of administrative commands;
  5. Log off root:

    root @ computer: ~ # exit

    or Ctrl+D

4.6 Redirect a stream with “sudo”

sudoposes a priori problems for redirecting flow in a console. For example, the following redirection will not work:

@ Computer user: ~ $ sudo echo 2&gt; / proc / acpi / thermal_zone / ATF0 / polling_frequency

The reason for this failure is that sudoonly executes the first task ( echo 2) with the borrowed identity; redirection, it is done in user mode only.

The solution to overcome this limitation is to call a new shell and make it run your redirect flows. For example :

@ Computer user: ~ $ sudo sh -c 'echo 2&gt; / proc / acpi / thermal_zone / ATF0 / polling_frequency'

In this way, it is the interpreter shand passed as an argument command is executed with the borrowed identity.

5.0 Superusers accounts specific applications

Some programs or services require super-user accounts. This is usually the case with database systems (such as MySQL). Note that this root account is independent of the operating system: it is unique to the particular program or service. If such a program or service requires super user account, you must set up the account with the tools it provides. In this connection, bring to the help documents for each of your applications concerned.

Leave a comment

Your email address will not be published. Required fields are marked *