Thursday 15 February 2018

linux - Alternative for sudo


I am aware that we can execute a command/script as a super/another user using the sudo command. But is there a possibility where the sudo utility itself is unavailable/removed by the user? If so, what could be the alternative to sudo other than su? Also, do sudo and su serve the same purpose?



Answer



'sudo' allows you to launch any program as any user. It is 'setuid root', as the program itself requires root permissions to do this. The power of sudo is that you can easily configure who can do what. You can allow a user to execute nmap (and only nmap) using sudo.


'su' allows you to launch a shell as any user. When you launch a shell, you can obviously launch any other program. It is therefore more dangerous; on well-administered systems, su access is generally disabled, but sudo might be available for distinct programs.


The reason why the two programs above are used is accountability. Sudo logs all requests that are made. Therefore, it is very easy for an administrator to track what a user has done using root privileges. If you grant access to a shell, a user can do whatever he/she likes (it is a 'black hole'). (Of course, advanced logging at the kernel level thwarts this.)


Of course, these programs can also be marked setuid. This changes the permissions to the owner of the binary when executing it. If you manage to activate the setuid bit on e.g. /bin/bash and set the owner of /bin/bash to root, you will be root every time you execute /bin/bash.


Lastly, physical access to the machine will allow you to do whatever you like. You can boot from a flash drive and access the local filesystem. You could even configure your bootloader to use a different init process which immediately launches a shell in single-user mode (without asking for a password).
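
The setuid-shell case described in the answer above can be checked for from the administrator's side. The script below is an added example, not part of the original answer; the function names and the list of shell basenames are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: report setuid files under a directory and flag setuid shells.
# SHELL_NAMES is a constructed list; extend it for the shells on your system.
SHELL_NAMES="sh bash dash zsh ksh csh tcsh fish"

# Print every regular file under $1 that has the setuid bit (mode 4000) set.
list_setuid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# Succeed if the basename of $1 is one of SHELL_NAMES.
is_shell() {
    base=$(basename "$1")
    for name in $SHELL_NAMES; do
        if [ "$base" = "$name" ]; then return 0; fi
    done
    return 1
}

# Print "ALERT <path>" for each setuid shell and "INFO <path>" for every other
# setuid file (sudo and su normally appear here). Returns 1 if any ALERT line
# was printed, 0 otherwise. Files are reported regardless of their owner.
audit_setuid() {
    report=$(list_setuid "$1" | while IFS= read -r f; do
        if is_shell "$f"; then echo "ALERT $f"; else echo "INFO $f"; fi
    done)
    if [ -n "$report" ]; then printf '%s\n' "$report"; fi
    if printf '%s\n' "$report" | grep -q '^ALERT '; then return 1; fi
    return 0
}

# Run only when a directory is given, e.g.: sh audit.sh /usr/bin
if [ "$#" -gt 0 ]; then
    audit_setuid "$1"
fi
```

An INFO line is not a finding by itself; compare the list against the setuid binaries your distribution is expected to ship.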

