Linux Administration Cookbook
上QQ阅读APP看书,第一时间看更新

Quick sudo explanation

In the various commands that were given in the preceding recipe, we used sudo repeatedly. This was so that we didn't have to log in as the root user to perform various restricted actions.

sudo is a contraction of 'superuser do' because sudo used to be used for running commands as the "superuser" only, nowadays you can use it to run commands as various users. 

Generally, if you attempt to run a command that you lack permissions to complete successfully, you'll be greeted with an error:

$ less /etc/sudoers 
/etc/sudoers: Permission denied

Here, I tried to have a look at the /etc/sudoers file, which also happens to be the file that determines a user's sudo privileges.

Running this command with sudo is a different story. Instead, it opens the file for me, dropping me into the less pager.

Toward the bottom of this file, we find the following block:

## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL

The wheel portion of this block is uncommented, and the text above that tells us what that means.

So, the obvious next question is, am I in the wheel group?

The term wheel has ancient origins in old-school UNIX installations. These, days it might be called admin or other. CentOS keeps it classic by using wheel.

Thankfully, this is very easy to check – the file in question is always in the same place: /etc/group.

Here, we print the contents of the group file to our screen, and look specifically for wheel.

We see the following layout:

group_name:password:GID:user_list

We can see that the group_name is wheel, the password is a lower x, which means that shadow passwords are being used, the group ID is 10, and the only user in this group is myself:

$ sudo cat /etc/group | grep wheel
wheel:x:10:adam

We can even do this with a single word, that being the groups command, which prints the groups that your current user is a member of:

$ groups
adam wheel

Being granted the ability to run superuser commands with sudo isn't the immediate right of everyone on the system, and it's up to the individual company and administration team to decide how that power is distributed.

There are places where everyone in operations has the power of sudo, and places where one person has that power.