Monday, 8 August 2011

SUDO

There are ways to improve on the Linux “all-or-nothing” security model.

The root account is almost always associated with the global privilege level. In some extraordinary cases (such as special UNIXes running Mandatory Access Controls) this is not true, but these are rare. The super-user or “root” account (designated universally as UID “0”) has the capacity to do practically anything on a UNIX system.

RBAC (role-based access control) can be implemented to delegate administrative tasks (tools such as “SUDO”, or super-user do, also provide this capability). RBAC provides the ability to create roles. Roles, if configured correctly, greatly limit the need to use the root user privilege. RBAC limits both the use of the “su” command and the number of users who have access to the root account. Tools such as SUDO provide similar types of control, but RBAC is more granular, allowing for a far greater number of roles on any individual server. Which solution is best comes down to the individual situation within an organization.

For now, sudo is a simple free tool that will allow us to create a good level of control over what the users on a Linux system can access.

Basically, you do not want to have to give all your users the root password and hope for the best. The simple answer for this is “sudo.”

The purpose of sudo is to allow users to run selected (or all) commands with privilege and enhanced logging. When configured, users use their own password and not the root password.

Moreover, the administrator (usually root) can set up separate groups of commands and access to the system for different users and groups.

You never need to issue the root password to the users!

On top of this, sudo can be set so that an alert is issued when a user runs an unauthorised command. This could be an email, for instance.

Sudo solves three primary issues in Linux. These are:

  1. Least Privilege
  2. Accountability
  3. Termination

We can restrict users so that they only have access to the parts of the operating system they need. Moreover, we can log what is done and also alert when users try to exceed their privilege.

Finally, when a user leaves, as they do not have the root password, there is no need to run about changing passwords on systems; just lock or alter the individual user's account (and believe me, it can be a real pain to change root passwords).

There are methods that can be used to bypass sudo (such as a vi shell break) but these are beyond today’s post.

The access restrictions and alerting are configured using the "/etc/sudoers" file.
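A fragment of the kind this file holds, covering the restrictions, logging and alerting described above. It is an added example, not the author's configuration; the users, group, mail address and file paths are constructed assumptions.

```sudoers
# Fragment for /etc/sudoers. Edit it with visudo so that syntax errors
# are caught before the file is saved.
# Constructed example: users, group, address and paths are assumptions.

# Accountability: record every sudo invocation in a dedicated log file
# (this is in addition to the default syslog entries).
Defaults logfile="/var/log/sudo.log"

# Alerting: mail the administrator when someone not listed in sudoers
# tries sudo, when a listed user tries a command they are not allowed,
# or when a wrong password is entered.
Defaults mailto="secadmin@example.com"
Defaults mail_no_user
Defaults mail_no_perms
Defaults mail_badpass

# Least privilege: name the people and the exact commands they need.
User_Alias WEBADMINS = alice, bob
Cmnd_Alias WEB_CTL   = /usr/sbin/apachectl configtest, \
                       /usr/sbin/apachectl graceful
Cmnd_Alias WEB_EDIT  = sudoedit /etc/apache2/apache2.conf
Cmnd_Alias WEB_LOGS  = /usr/bin/less /var/log/apache2/error.log

# Web administrators may check and reload the web server and edit its
# main configuration file. sudoedit runs the editor as the invoking
# user, so the editor itself never holds root privilege.
WEBADMINS ALL = (root) WEB_CTL, WEB_EDIT

# The pager runs as root, so NOEXEC stops it from starting further
# programs (such as a shell) with that privilege.
WEBADMINS ALL = (root) NOEXEC: WEB_LOGS

# Members of the (hypothetical) backup group may run one script only.
%backup   ALL = (root) /usr/local/sbin/run-backup
```

Each user authenticates with their own password, and `sudo -l` shows a user exactly which commands they have been granted.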

In coming days, I will load a few examples on how to configure this file and how to use SUDO to restrict access to key files.


See the following page for some more information on the command:
http://linux.about.com/od/commands/l/blcmdl8_sudo.htm

2 comments:

M. Ferreira said...

Sudo will never go away. I use it 30x a day, and as long as I stay detail-oriented about what I'm doing, everything is fine. I do work in a heavily regulated industry though, so for those systems that I need to interact with that are part of our compliance control loop, we work through PowerBroker Servers, which is basically an enterprise sudo replacement.

Sudo shouldn't be feared, just used with caution - by pros.
