Unix/Linux Privilege Management: Should You Sudo? Here’s What It Does and Why It’s Not Enough.

Derek A. Smith, September 28th, 2017

In this blog, I am going to introduce you to sudo and su, two of the most important and most often used commands in Linux, and talk about the basic ins and outs of these tools. They can help you to prevent your users from doing unexpected things in your network that could cause performance, and more importantly, security issues to occur. Let’s begin by examining what these commands do then and the difference between them.

su and sudo – an introduction

When it comes to working with Linux, there are two ways to run administrative applications. You can either change over to the super user, also known as the root account, using the “su” command, or you can use the “sudo” command.  Which one you use will depend on which type of Linux you have. Some types, such as Fedora, Red Hat, openSuSE enable the root user, while others such as Ubuntu and Debian do not. I am going to refer to Ubuntu in this blog.

The Unix command su, stands for “substitute user,” “super user,” or “switch user,” and allows you to log in as root and do whatever you want with the system. Sudo stands for either “substitute user do” or “super user do” and it allows you to elevate your current user account to have root privileges temporarily. This is different from “su” which is not temporary. With “sudo,” you continue to use your user account, but with root privilege, whereas in “su,” you are actually logged into the root account. Also, the root privilege in “sudo” is only valid for a temporary amount of time. Once that time expires, you have to enter your password again to regain root privilege.

Using “sudo,” you can do pretty much the same things you can with “su.” To use it, you just have to add “sudo” in front of all root commands. Having root user privileges can be dangerous, but using sudo instead of su can help you keep your system secure. If you are using Linux and you want your actions to be safe, you need to know and understand these two commands.

Introduction to the “sudo” command

In Ubuntu Linux, the root account is not configured by default. If users want a root account password, they have to set it up manually to use “sudo.” Using sudo is a good way to protect the user’s computer from being used as a tool for exploitation. Whenever a user tries to install, remove or change any piece of software, he has to have the root privileges to perform such tasks. The sudo command is used to give such permissions to any particular command that a user wants to execute once the user enters a user password to give system based permissions.

Introduction to the “su” command

The Ubuntu Linux command “su”’ is used to switch from one account to another.  The user will be prompted for the password of the user to which he or she is switching. Here is an example:

$ su linuxandubuntu

password:

linuxandubuntu@derek:~$

The per can also use it to switch to the root account. If your user types only “su”’ without any option, it will be considered as root, and he or she will be prompted to enter a root user password.

Difference between sudo and su

If you use a traditional Linux setup, you are familiar with using the su command to gain root privileges. You can use it to log in as the root. With this type of Linux setup, you can log in as the root user, but I recommend that you NEVER log in as the root user. If you are using a type that relies on su and allows root user login, log in as your standard user and su to the root user.

To be safe, I recommend you use sudo (or a sudo replacement – we’ll talk about those later) to escalate privileges. With sudo, you can’t log in as a root user. In fact, using Ubuntu, the root user account is disabled, thank goodness. You also cannot use su to become the root user. You can only issue commands using sudo to gain administrative privileges.

Usage

WARNING: Now here I must warn you, configuring sudo to allow a user to perform an operation is comparable to giving that user root privileges. I caution you to ensure this is appropriate for your security needs before providing a user the power of sudo.

Using the basic form of sudo is pretty simple. Consider that you have to run the dpkg to install new software on your computer. If, as a standard user, you just issue the command dpkg -i software.deb, you will get an error message informing you that the user does not have proper permissions to execute the command. This is because standard users, by default, cannot install applications on a Linux machine. To install an application on a Linux machine, you must have super user privileges. So, to successfully run the installation, you would instead issue the command sudo dpkg -i software.deb.

Allowing root user access using sudo

In environments where security is a substantial concern, I recommend that you limit access to the root user account and password. Sudo will allow your system administrators to grant certain users (or groups of users) the ability to run commands as root.  What’s important is that all commands and arguments will be logged as part of your security and compliance protocol. Make sure that you configure your sudo security policy to log activity. You can do this using the file /etc/sudoers. Within the sudoers file, configure your groups of users and sets of commands to simplify, and audit server administration with sudo commands.

How to create an Ubuntu sudo user

The sudo command allows you to grant administrator privileges, usually only available to the root user, to regular users. Below I show you the simplest method to create a new user with sudo access without needing to modify your server’s sudoers file. If you just need to configure sudo for an existing user, skip to step 3.

Steps to create a new sudo user

1) Log in to your Ubuntu server as the root user.

  • ssh root@server_ip_address

2) Use the “adduser” command to add a new user to your system.

(Make sure that you replace “derek” with the user that you want to create – unless you want me in your accounts, LOL)

  • adduser derek
  • Set and confirm the new user’s password at the prompt. I highly recommend that you use a secure password when setting this up.

Set password prompts:

Enter new Linux password:

Retype new Linux password:

passwd: password updated successfully

  • Follow the prompts to set the new user’s information. You can opt to accept the defaults to leave all of this information blank.

User information prompts:

Changing the user information for username:

(enter the new value, or press ENTER for the default)

  • Full Name [Derek A Smith]:
  • Room Number [b8-168]:
  • Work Phone [3017779311]:
  • Home Phone [3015551212]:
  • Other [derek is so cool]:
  • Is the information correct? [Y/n]

3) Use the “usermod” command to add the user to the sudo group.

  • usermod -aG sudo derek

By default, on Ubuntu, members of the sudo group have sudo privileges.

4) Test sudo access on the new user account

  • Use the su command to switch to the new user account.
    • su – username
  • As the new user, verify that you can use sudo by adding “sudo” to the beginning of the command that you want to run with superuser privileges.
    • sudo command_to_run
  • The first time you use sudo in a session, the system will prompt you for the password of the user account. Enter the password to proceed.

Output:

[sudo] password for derek:

If your user (derek) is assigned to the correct group and you entered the password correctly, the sudo issued command should run with root privileges.

Steps to delete a sudo user

When Derek is done using the account you should delete him (me) from the account without deleting any of his  files by typing this as root:

deluser derek

If you are signed in as another non-root user with sudo privileges, you could instead type:

sudo deluser derek

If you prefer to delete the Derek’s home directory when “derek” is removed, you can issue the following command as root:

deluser –remove-home derek

If you’re running this as a non-root user with sudo privileges, you would instead type:

sudo deluser –remove-home derek

If you previously configured sudo privileges for the user you deleted, you might want to remove the relevant line again by typing:

visudo

Or use this command if you are a non-root user with sudo privileges:

sudo visudo

root    ALL=(ALL:ALL) ALL

derek ALL=(ALL:ALL) ALL   # DELETE THIS LINE

This step will prevent a new user created with the same name from being accidentally given sudo privileges.

Why sudo is not enough

OK, so now that I have provided you a brief introduction to su and sudo, and you should have an idea of how this command works and how powerful it is. But now I am afraid I am going to have to disappoint you.  You see, while sudo provides you with an adequate method for privileged access management it is a cumbersome process with the potential to create increased risk exposure when you are trying to control access in your environment, especially if it is large and diverse.

To properly use sudo you need highly skilled and highly paid system administrators to spend a great deal of time building and distributing sudoers files. Sudo also forces you to rely on the individual expertise of your system administrator to plan and implement it in such a way that provides “least privileges.” The Unix/Linux privileged access management (PAM) solutions available on the market today provide highly efficient and effective alternatives to sudo. Using these modern approaches, you will be able to reduce the risk of insider fraud, streamline regulatory compliance, and greatly reduce the effort required to administer your servers.

Here are five problems I have with sudo:

  1. Sudo lacks efficient, centralized administration causing system administrators to spend lots of time building and distributing sudoers files across the server.
  2. Sudo introduces a security risk because it is controlled by local files. The security admins need to distribute these files appropriately. As well, the sudo configuration file is stored in a way that local administrators could easily make modifications… a big security risk.
  3. Sudo may create a compliance issue. Auditors don’t like the distributed sudo conf files because they utilize “static trust.” Because of this, your use of sudo may cause you problems passing audits because of this.
  4. Organizations using sudo have to be able to distribute the file, so a good distribution method must be maintained, resulting in more costs to your organization.
  5. Sudo does not inherently provide the ability to link multifactor authentication as part of the privileged user authorization process.

Although sudo is theoretically a decent tool, there are dangers.  I recommend you use an automated privileged access management system.  Unix/Linux privileged access management solutions available on the market today provide highly efficient and effective alternatives to sudo. Using a good PAM system, you will be able to reduce the risk of insider fraud, streamline regulatory compliance, and greatly reduce the effort required to administer your server estates. Effective user privilege management will allow you to separate users and give them only the access they need to do their job in a much more efficient manner.