[an error occurred while processing this directive](none)
MkLinux: Getting Started[an error occurred while processing this directive]: What now?
Think Differently. Think MkLinux.
Home | About | News | FAQ | Getting Started | Using MkLinux | Advanced Admin

[an error occurred while processing this directive] Previous [an error occurred while processing this directive] Up [an error occurred while processing this directive] Next


The sudo utility discussed on this page is installed by default on MkLinux R1, but is not installed on the older MkLinux DR3. If you have DR3 installed, you will need to install sudo before you can continue.

A very useful utility which you may want to install is known as sudo. This utility allows the root user to provide other users with special privileges. The sudo command allows an ordinary user to run commands as if he were the root user. Why would you want to do this? You may already be logged in as a user, when you decide that you need to run a single program as the root user. This may simply been to install or uninstall a software package. Sudo gives you the ability to execute one command at a time with root privileges.

I will not go into great detail on the proper configuration of sudo. You can read the man page to learn more about configuring this utility. However, since you are your own system administrator, you may want to provide yourself with the ability to execute any command as root via sudo.

The root user can grant sudo privileges to users via the /etc/sudoers file. This file is installed as part of the sudo package. You may edit this file to grant limited or full privileges to any user. Please read the man page for sudoers to learn the file syntax used for controling access privileges. For now, we will simply grant the system administrator full access. Be very cautious about giving such sweeping access to other users.

Configuring sudo

Log in as root. Now edit the file /etc/sudoers. You can do this easily by using the command visudo. This is a utility installed by the sudo package. Using this command helps to ensure that the file is altered on an atomic basis. (In other words, if another user invokes sudo while you are editing the file, they will continue to see the old file until you save your work. This is to prevent race conditions.) At the bottom of the file add the line

username ALL=(ALL) ALL

This line grants the user specified by username, the privilege to run any program on the system with root privileges. You can limit the user to individual commands. Read the man page for sudo for exact usage.

Save your work and log back in under the username to which you just granted sudo privileges.

Using sudo

Now test your ability to use sudo. Type sudo more /etc/sudoers and press return. Only root may access this file. If anyone else attempts to view the contents of this file, they will receive and access denied message. However, sudo invokes the command line with root privileges. So if you are in the sudoers file, you will be able to view the file.

However, sudo needs to ensure that you are whom you claim to be. Just because you are logged in as someone specified in the file does not mean that you are that individual. You may have logged onto the system and left the room to get a cup of coffee. When you invoke sudo, you will be prompted for your user password word. This is not the root user's password, it is the password associated with the user account invoking sudo.

If you enter your password correctly, then the command you specified will be executed. If you do not enter it correctly, sudo will give you two more attempts to enter the password. After that, it will exit and log a security violation in /var/log/sudo.log.

[an error occurred while processing this directive] Previous [an error occurred while processing this directive] Up [an error occurred while processing this directive] Next

Home | About | News | FAQ | Getting Started | Using MkLinux | Advanced Admin

Contact the web team at mklinux-www@mklinux.org.

Copyright (©) 2001 MkLinux Developers Association. Permission to freely distribute this document is hereby granted, provided that it is distributed at no charge other than normal connect-time charges. All rights other than those specifically granted above are reserved.