Easy-to-follow video tutorials help you learn software, creative, and business skills.Become a member

sudo and sudoers

From: Unix for Mac OS X Users

Video: sudo and sudoers

In the previous movie I told you that the root user is disabled on Mac OS X by default. That's okay. We don't need it to be enabled. Because as admin users on the Mac, we can do everything that the root user can do. We just have to do it by using the sudo command. That stands for substitute user and do. Some people mistakenly think that it stands for superuser do, because the root user is a superuser. But what it's actually doing is substituting in a different user identity and I'll show you how you can pick a different user besides root in a moment. But sudo is a command that runs other commands.

sudo and sudoers

In the previous movie I told you that the root user is disabled on Mac OS X by default. That's okay. We don't need it to be enabled. Because as admin users on the Mac, we can do everything that the root user can do. We just have to do it by using the sudo command. That stands for substitute user and do. Some people mistakenly think that it stands for superuser do, because the root user is a superuser. But what it's actually doing is substituting in a different user identity and I'll show you how you can pick a different user besides root in a moment. But sudo is a command that runs other commands.

So it's essentially like prefixing a line with sudo when you wanted to do it as root. So just as an example, sudo ls -la. The command is exactly like we would normally type. We're just saying, hey, don't do this as Kevin, do this as root. Let me show you what happens. We hit Return. It comes up and it wants a password. Now that's not root's password, because root is disabled, what it wants is in this case it wants my password, Kevin's password again. What it wants to do is make sure that we really aren't admin before we do admin like things.

It's a security precaution. So I am going to type in my main user password that I use to log into this system, and now it does what I asked to do. Obviously this is something that I could have done without being root, but that should just give you a feel for how we prefix our normal commands with sudo and get the same results. We got to a peek at this earlier when we were changing ownership permissions, right? We had to do sudo and then chown lynda and then let's say unix_files/ownership.txt, and then that changes the ownership permissions. Now notice when I typed it the second time it did not ask me for a password again.

That's because this password authentication stays valid for a little while. So that we potentially could be entering several commands. It would be a pain if every single thing that we did, we had to keep entering that password. So it remembers it and it stays valid for about five minutes. That can be configured on different Unix machines. But it's typically five minutes. Incidentally, you can type sudo -k, and that will expire it right now. So that then when we try and do something again, let's change this back to Kevin, now it's going to ask me for my password again. Okay, so let me just clear the screen and let me just give you a couple of more examples to show how this work.

So let's say I have whom, Right? I am Kevin. Let's do ls -la and let's try and take a look at Lynda's pictures. It's on here and I don't have permission to access it, so it comes up and says permission denied. If I now do the same command with sudo in front of it, Users/lynda/Pictures, now it's going to make me into root before doing it, and remember the root has the ability to do absolutely anything on here, including look at Lynda's pictures. So using sudo I can now see what's in there. Now as I said at the beginning of the movie, root is not the only user you can become. Let me just show you if you do sudo whoami.

It comes up and says, "Oh, I am root." If we use sudo and we use -u, and then the username that we want a substitute, now whoami, we become lynda. So we are substituting the user identity before we execute the command. So now we could do the same sort of thing, we say all right, well, as Lynda, I'd like to now open this file or look at this directory. So we can become a different user and take on their privileges and their role just as easily as we can take on root. Most of the time you'll just use sudo without any options, because what you essentially are saying is I don't have enough privileges to do what I want right now, like changing ownership.

So therefore, I'm temporarily become root to accomplish what I'm trying to accomplish. Not everyone can do sudo. Only admins, and that's something that you set up in the Account Preferences, System Preferences under Accounts, and you can see it says Admin underneath, right? If you make someone who's not an admin account, they won't have the ability to sudo. That is what an admin is. Now let me show you why that's true in Unix terms. In Unix there's something called a sudoers file.

So that is stored in cat/etc/sudoers, that's where it lives, and this is a file that keeps track of the configuration for sudo and especially who ought to be allowed to execute this command. Because we don't want let everyone do it. Otherwise again, what's the point in having privileges. So only admins on the system get these special privileges. We can't view that file, because we wouldn't want everyone to be able to view it unless we put sudo in front of it. As you can see the security is very well thought-out.

So now let's take a look at it as sudo. There is all sorts of default settings and everything, but the most important thing are these lines right here. You don't need to ever change these yourself. The system preferences are going to handle this for you. What these lines are telling you is that the root user ought to have the ability to do everything. That's what those three ALLs mean. The group admin also ought to be able to do it. So what it does is it adds you to the group admin and once you're part of the group admin, well, then you have the same privileges that root does.

You have the ability to become root. Now again, you don't ever need to actually edit this sudoers file, but I just want you to see what's happening, because on other Unix systems this is the way that you manage who has sudo access, is via the suedoers file. The Mac manages it for you. The Mac gives you this nice convenient interface and it just drops you into the admin group and once you are part of the admin group, well, then you're automatically added to the sudoers file.

Show transcript

This video is part of

Image for Unix for Mac OS X Users
Unix for Mac OS X Users

82 video lessons · 26134 viewers

Kevin Skoglund
Author

 
Expand all | Collapse all
  1. 3m 57s
    1. Introduction
      1m 14s
    2. Using the exercise files
      2m 43s
  2. 32m 2s
    1. What is Unix?
      7m 27s
    2. The terminal application
      4m 23s
    3. Logging in and using the command prompt
      5m 19s
    4. Command structure
      5m 22s
    5. Kernel and shells
      5m 25s
    6. Unix manual pages
      4m 6s
  3. 15m 58s
    1. The working directory
      2m 49s
    2. Listing files and directories
      3m 59s
    3. Moving around the filesystem
      4m 58s
    4. Filesystem organization
      4m 12s
  4. 1h 4m
    1. Naming files
      5m 41s
    2. Creating files
      2m 19s
    3. Unix text editors
      6m 39s
    4. Reading files
      5m 35s
    5. Reading portions of files
      3m 27s
    6. Creating directories
      2m 40s
    7. Moving and renaming files and directories
      8m 32s
    8. Copying files and directories
      3m 7s
    9. Deleting files and directories
      3m 38s
    10. Finder aliases in Unix
      4m 10s
    11. Hard links
      5m 30s
    12. Symbolic links
      6m 36s
    13. Searching for files and directories
      6m 32s
  5. 34m 58s
    1. Who am I?
      4m 3s
    2. Unix groups
      1m 52s
    3. File and directory ownership
      6m 41s
    4. File and directory permissions
      4m 27s
    5. Setting permissions using alpha notation
      6m 49s
    6. Setting permissions using octal notation
      3m 49s
    7. The root user
      1m 57s
    8. sudo and sudoers
      5m 20s
  6. 52m 34s
    1. Command basics
      4m 4s
    2. The PATH variable
      4m 13s
    3. System information commands
      3m 40s
    4. Disk information commands
      6m 8s
    5. Viewing processes
      5m 0s
    6. Monitoring processes
      3m 36s
    7. Stopping processes
      3m 19s
    8. Text file helpers
      6m 50s
    9. Utility programs
      7m 28s
    10. Using the command history
      8m 16s
  7. 20m 39s
    1. Standard input and standard output
      1m 24s
    2. Directing output to a file
      4m 13s
    3. Appending to a file
      2m 44s
    4. Directing input from a file
      5m 28s
    5. Piping output to input
      4m 40s
    6. Suppressing output
      2m 10s
  8. 41m 28s
    1. Profile, login, and resource files
      9m 11s
    2. Setting command aliases
      6m 59s
    3. Setting and exporting environment variables
      4m 54s
    4. Setting the PATH variable
      6m 10s
    5. Configuring history with variables
      6m 17s
    6. Customizing the command prompt
      6m 5s
    7. Logout file
      1m 52s
  9. 1h 25m
    1. grep: Searching for matching expressions
      5m 21s
    2. grep: Multiple files, other input
      4m 28s
    3. grep: Coloring matched text
      2m 57s
    4. Introduction to regular expressions
      3m 22s
    5. Regular expressions: Basic syntax
      3m 19s
    6. Using regular expressions with grep
      5m 20s
    7. tr: Translating characters
      8m 17s
    8. tr: Deleting and squeezing characters
      5m 30s
    9. sed: Stream editor
      7m 45s
    10. sed: Regular expressions and back-references
      7m 8s
    11. cut: Cutting select text portions
      7m 42s
    12. diff: Comparing files
      4m 35s
    13. diff: Alternative formats
      4m 30s
    14. xargs: Passing argument lists to commands
      7m 25s
    15. xargs: Usage examples
      7m 59s
  10. 42m 25s
    1. Finder integration
      4m 45s
    2. Clipboard integration
      5m 5s
    3. Screen capture
      3m 42s
    4. Shut down, reboot, and sleep
      3m 34s
    5. Text to speech
      2m 36s
    6. Spotlight integration: Searching metadata
      3m 41s
    7. Spotlight integration: Metadata attributes
      4m 24s
    8. Using AppleScript
      5m 23s
    9. System configurations: Viewing and setting
      5m 51s
    10. System configurations: Examples
      3m 24s
  11. 1m 26s
    1. Conclusion
      1m 26s

Start learning today

Get unlimited access to all courses for just $25/month.

Become a member
Sometimes @lynda teaches me how to use a program and sometimes Lynda.com changes my life forever. @JosefShutter
@lynda lynda.com is an absolute life saver when it comes to learning todays software. Definitely recommend it! #higherlearning @Michael_Caraway
@lynda The best thing online! Your database of courses is great! To the mark and very helpful. Thanks! @ru22more
Got to create something yesterday I never thought I could do. #thanks @lynda @Ngventurella
I really do love @lynda as a learning platform. Never stop learning and developing, it’s probably our greatest gift as a species! @soundslikedavid
@lynda just subscribed to lynda.com all I can say its brilliant join now trust me @ButchSamurai
@lynda is an awesome resource. The membership is priceless if you take advantage of it. @diabetic_techie
One of the best decision I made this year. Buy a 1yr subscription to @lynda @cybercaptive
guys lynda.com (@lynda) is the best. So far I’ve learned Java, principles of OO programming, and now learning about MS project @lucasmitchell
Signed back up to @lynda dot com. I’ve missed it!! Proper geeking out right now! #timetolearn #geek @JayGodbold
Share a link to this course

What are exercise files?

Exercise files are the same files the author uses in the course. Save time by downloading the author's files instead of setting up your own files, and learn by following along with the instructor.

Can I take this course without the exercise files?

Yes! If you decide you would like the exercise files later, you can upgrade to a premium account any time.

Become a member Download sample files See plans and pricing

Please wait... please wait ...
Upgrade to get access to exercise files.

Exercise files video

How to use exercise files.

Learn by watching, listening, and doing, Exercise files are the same files the author uses in the course, so you can download them and follow along Premium memberships include access to all exercise files in the library.


Exercise files

Exercise files video

How to use exercise files.

For additional information on downloading and using exercise files, watch our instructional video or read the instructions in the FAQ.

This course includes free exercise files, so you can practice while you watch the course. To access all the exercise files in our library, become a Premium Member.

Join now "Already a member? Log in

Are you sure you want to mark all the videos in this course as unwatched?

This will not affect your course history, your reports, or your certificates of completion for this course.


Mark all as unwatched Cancel

Congratulations

You have completed Unix for Mac OS X Users.

Return to your organization's learning portal to continue training, or close this page.


OK
Become a member to add this course to a playlist

Join today and get unlimited access to the entire library of video courses—and create as many playlists as you like.

Get started

Already a member?

Become a member to like this course.

Join today and get unlimited access to the entire library of video courses.

Get started

Already a member?

Exercise files

Learn by watching, listening, and doing! Exercise files are the same files the author uses in the course, so you can download them and follow along. Exercise files are available with all Premium memberships. Learn more

Get started

Already a Premium member?

Exercise files video

How to use exercise files.

Ask a question

Thanks for contacting us.
You’ll hear from our Customer Service team within 24 hours.

Please enter the text shown below:

The classic layout automatically defaults to the latest Flash Player.

To choose a different player, hold the cursor over your name at the top right of any lynda.com page and choose Site preferencesfrom the dropdown menu.

Continue to classic layout Stay on new layout
Exercise files

Access exercise files from a button right under the course name.

Mark videos as unwatched

Remove icons showing you already watched videos if you want to start over.

Control your viewing experience

Make the video wide, narrow, full-screen, or pop the player out of the page into its own window.

Interactive transcripts

Click on text in the transcript to jump to that spot in the video. As the video plays, the relevant spot in the transcript will be highlighted.

Are you sure you want to delete this note?

No

Your file was successfully uploaded.

Thanks for signing up.

We’ll send you a confirmation email shortly.


Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

Keep up with news, tips, and latest courses with emails from lynda.com.

Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

   
submit Lightbox submit clicked
Terms and conditions of use

We've updated our terms and conditions (now called terms of service).Go
Review and accept our updated terms of service.