What is the difference between a superuser and a root user?
Asked
Active
Viewed 125 times
-3
-
https://unix.stackexchange.com/questions/80344/how-do-the-internals-of-sudo-work – n00dl3 May 11 '17 at 08:29
-
@n00dl3 thanks this gives a clue. As I read, when you execute sudo so the process will gain root privileges and make the SUID or the effective UID as root, what if someone write in this process malicious code to change also the real UID to root also. Then after finishing the process the SUID will return to normal but the real UID will be root and this allows to set both SUID and real UID to root and breaks the security http://www.makelinux.net/alp/083 "Set its effective user ID to be the same as its real user ID" . That's just because we are able to execute sudo with user password not the root – Mosab Shaheen May 12 '17 at 11:36
-
"what if someone write in this process malicious code" You are not supposed to stupidly run as root any random software. once you are root you can do anything you want, so yes running malicious code as root is dangerous... (I don't see your point) `su` and `sudo` use the same internal `setuid` call, they just don't ask for the same password by default (but you can configure sudo to ask for root password). – n00dl3 May 12 '17 at 14:46
-
@n00dl3 I mean by malicious code, the user himself can write a program to become a root in that case, knowing only his password, so how to avoid that. – Mosab Shaheen May 13 '17 at 00:25
-
To be able to use setuid from an executable file, that file must be property of root in order to apply the suid permission on it. Otherwise the setuid will fail. – n00dl3 May 13 '17 at 09:36
1 Answers
1
sudo means superuserdo and gives you the chance to execute/do thing that only high privileged profiles can do, nowadays looks like another meaning is comming to that word, and many others refers to that als "substitute user do"
ΦXocę 웃 Пepeúpa ツ
- 47,427
- 17
- 69
- 97