1 00:00:06,599 --> 00:00:11,265 Let'S talk about sudo, because sudo is a more sophisticated way to grant 2 00:00:11,265 --> 00:00:15,929 users privileges to run specific tasks or all tasks with elevated permissions. 3 00:00:17,149 --> 00:00:22,609 The default user is an administrator user, and that user has sudo privileges by default. 4 00:00:23,250 --> 00:00:28,995 This default user is the user that you would normally create when you install your distribution 5 00:00:28,995 --> 00:00:34,740 on red hat. This user has sudo privileges because it's a member of the group wheel. 6 00:00:35,600 --> 00:00:39,240 And when on red hat, you create a root user with a 7 00:00:39,240 --> 00:00:42,880 password, then you should know there is no default admin user. 8 00:00:44,020 --> 00:00:49,469 On Ubuntu, it's easier. The root user never has a password by default, so you get a 9 00:00:49,469 --> 00:00:54,920 default administrative user who is administrative user because this user is a member of the group sudo. 10 00:00:56,189 --> 00:01:02,763 As a sudo enabled user, you can use sudo command to run the command with escalated privileges, or 11 00:01:02,763 --> 00:01:09,336 you can use sudo I to open a root shell. That's not really recommended, but sometimes it's convenient 12 00:01:09,336 --> 00:01:15,909 if you know beforehand that there are multiple commands that you need to run with administrative privileges. 13 00:01:17,019 --> 00:01:17,579 Let me show you. 14 00:01:20,090 --> 00:01:26,950 So, to start with, I'm using LS l root. That's my favorite sudo test. What do you think? Is this going to work? 15 00:01:27,510 --> 00:01:33,435 It doesn't, because I'm not using sudo to use my sudo superpowers. I need to 16 00:01:33,435 --> 00:01:39,359 start this command using sudo. So sudo LS l root that is actually working. 17 00:01:40,000 --> 00:01:46,357 So I'm entering the password that is the password for my current user account, and that is 18 00:01:46,357 --> 00:01:52,715 enabling my sudo powers. Now, the funny fact is that I won't have to enter my password 19 00:01:52,715 --> 00:01:59,072 for the next five minutes. So if I would use sudo password wdlinda to set a password 20 00:01:59,072 --> 00:02:05,430 for user linda, then it's not prompting for a password. Well, it's prompting for a password. 21 00:02:05,450 --> 00:02:10,949 But that's because I'm using the passwd command to set the password I don't have to authenticate again. 22 00:02:11,509 --> 00:02:18,435 That's because when you use sudo, an authentication token is generated after you have entered the password Based on 23 00:02:18,435 --> 00:02:25,360 that authentication token, you can continue using sudo without re entering the password for the next five minutes. 24 00:02:26,680 --> 00:02:32,900 Now, let me also show you sudo I and sudo I is opening a root shell. As you can see, 25 00:02:32,900 --> 00:02:39,120 I'm now root at linfen and the hash in my prompt is also indicating that I'm in a root shell. 26 00:02:40,580 --> 00:02:46,460 Once you are done in your root shell, don't forget to type exit to get back to your normal operational environment. 27 00:02:46,960 --> 00:02:50,199 There's a few more things that we need to discuss. Let's get back to the slides. 28 00:02:51,639 --> 00:02:53,240 This is about using the right shell. 29 00:02:54,389 --> 00:02:59,710 Let's say you want to use sudo echo hello greater than great then var log messages. 30 00:03:00,250 --> 00:03:05,180 Now the thing is that that is not working because the greater than greater than is interpreted by the current shell. 31 00:03:05,879 --> 00:03:11,129 That goes for all the shell metacharacters like redirects, like pipes and more. If you want to 32 00:03:11,129 --> 00:03:16,379 use them in sudo command then this is how you use sudo sh c and then between 33 00:03:16,379 --> 00:03:21,629 double quotes you have the entire command that you want to run. Let me show you. 34 00:03:23,250 --> 00:03:28,849 So to start it sudo echo hello great then great then var log messages 35 00:03:28,849 --> 00:03:34,449 is giving a permission denied and that's surprising but that's because of interpretation of 36 00:03:34,449 --> 00:03:40,049 the current shell. So if we change that to sudo sh c and we 37 00:03:40,050 --> 00:03:45,650 put the entire command between double quotes then suddenly it does work. 38 00:03:47,430 --> 00:03:52,340 That is nice to remember. If ever you use shell metacharacters in your sudo.