Alternative for sudo

'sudo' allows you to launch any program as any user. It is 'setuid root', as the program itself requires root permissions to do this. The power of sudo is that you can easily configure who can do what. You can allow a user to execute nmap (and only nmap) using sudo.

'su' allows you to launch a shell as any user. When you launch a shell, you can obviously launch any other program. It is therefore more dangerous; on well-administered systems, su access is generally disabled, but sudo might be available for distinct programs.

The reason why the two programs above are used is accountability. Sudo logs all requests that are made. Therefore, it is very easy for an administrator to track what a user has done using root privileges. If you grant access to a shell, a user can do whatever he/she likes (it is a 'black hole'). (Of course, advanced logging at the kernel level thwarts this.)

Of course, these programs can also be marked setuid. This changes the permissions to the owner of the binary when executing it. If you manage to activate the setuid bit on e.g. /bin/bash and set the owner of /bin/bash to root, you will be root every time you execute /bin/bash.

Lastly, physical access to the machine will allow you to do whatever you like. You can boot from a flash drive and access the local filesystem. You could even configure your bootloader to use a different init process which immediately launches a shell in single-user mode (without asking for a password).
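The setuid case in the answer above is something an administrator can audit for. The following is an added example, not part of the original answer: it walks a directory tree, lists setuid files owned by a given uid (root by default), and flags any that are shells. The function names and the `SHELL_NAMES` list are assumptions made for this illustration.

```python
import os
import stat

# Shell basenames to flag; an assumed list for this example, extend as needed.
SHELL_NAMES = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh", "fish"}


def load_shell_paths(shells_file="/etc/shells"):
    """Return the login shells listed in shells_file (empty set if unreadable)."""
    try:
        with open(shells_file) as fh:
            return {ln.strip() for ln in fh if ln.strip().startswith("/")}
    except OSError:
        return set()


def audit_setuid(top, owner_uid=0, shell_paths=None):
    """Walk `top` and report regular files that are setuid and owned by owner_uid.

    Returns a sorted list of (path, is_shell) tuples. is_shell marks a setuid
    shell, the /bin/bash case: it hands out a whole session, not one program.
    """
    shell_paths = load_shell_paths() if shell_paths is None else shell_paths
    findings = []
    for dirpath, _dirs, files in os.walk(top):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: inspect the entry, not a symlink target
            except OSError:
                continue  # entry vanished or is unreadable
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & stat.S_ISUID and st.st_uid == owner_uid:
                is_shell = name in SHELL_NAMES or path in shell_paths
                findings.append((path, is_shell))
    return sorted(findings)


if __name__ == "__main__":
    for found, shell in audit_setuid("/usr/bin"):
        print(("SHELL   " if shell else "setuid  ") + found)
```

Comparing the output against a saved baseline shows newly added setuid binaries; sudo itself is expected in the list, a shell is not.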


It seems that no one has answered the question of whether or not there exist alternatives to sudo besides su, so you might be interested to know that the sudo website actually maintains a list of sudo alternatives:

http://www.sudo.ws/other.html

The list includes both open-source and commercial software. Here are the open-source sudo alternatives listed at the moment:

  • doas

  • vsys

  • GNU userv

  • sus

    • Now defunct? Reference: SUS: An Object Reference Model for Distributing Unix Super User Privileges
  • super

  • Priv: Secure and Flexible Privileged Access Dissemination

  • Calife - a lightweight alternative to sudo

  • SSU: Extending SSH for Secure Root Administration

  • su1

  • op: controlled privilege escalation (a flexible alternative to sudo)

That said, I've never used any of these alternatives, nor have I ever seen or heard of them in any other context. It also seems like at least some of these are experimental, defunct or otherwise unsupported. The impression I get is that sudo and su are the only real game in town.


Log in as root (if allowed on your tty) or reboot the computer and log in with init=/bin/bash on the command line to restore the required functionality.

I point out that only root can remove sudo.

sudo and su serve similar but different purposes. "sudo" allows you to do something with someone else's permissions while "su" allows you to "become" that user and lets you behave like them.