Pick a Free OS

Psudo root!

A common problem faced is allowing non root users to dial and establish a connection to the Internet.

An easy and safe solution with sudo, assuming you use wvdial, is to put the following line in /etc/sudoers. (syntax explained later)

ALL ALL=/usr/bin/wvdial

This allows any user to run the program wvdial with root privileges when the user runs sudo as

sudo wvdial

Note: sudo issues a password prompt where the password to be entered is that of the user running sudo.

How does sudo make handing out root privileges more secure?

sudo is more secure than other options because of the following reasons.

  • The user does not need to know the root password.
  • The superuser can specify the programs a user is allowed to run and also specify the parameters to be supplied to the program.
  • The superuser can set resource limitations on the command being executed.
  • The superuser can specify the shell the program should run under.
  • If an unauthorized user attempts a command via sudo, the superuser will receive automatic notification via email.
  • sudo logs all activity.
  • /etc/sudoers file can contain dozens of options to fine tune restrictions.
  • Working

    Sudo works in the following manner. When invoked, it matches the real and effective uid and gid of the target user and (by default) prompts them to authenticate themselves using their own password. On authentication, it sets a timestamp, which allows the user to run sudo within a time period of 5 minutes (configurable) without needing to authenticate themselves again.

    To run sudo, the user must be listed in the file /etc/sudoers. If the user isn't listed in /etc/sudoers and attempts to run sudo, an email is automatically sent by sudo to the superuser. The users should ideally do a "sudo -l" to see whether they are allowed to run any commands on the host to avoid ticking off their system administrator.

    Some other useful flags to sudo would be

    -h to show a help screen
    -b to run the program in the background
    -u to run a program as a user other than root (Usage: sudo -u foo)

    The /etc/sudoers file