This document provides an overview of sudo and su commands in Linux. It discusses the objectives which include background information, definitions and syntax of sudo and su, benefits of each, and how to configure sudo privileges and aliases. It also covers fundamentals of network administration including the difference between privileges and permissions, protection mechanism requirements, and how to diagram a use case. References are provided for further reading.

1. Hebron University
College: Information Technology
Department: Security and Protection of Computer Networks

2. OBJECTIVES
• Background
• Sudo Definition and Syntax.
• Benefits of Sudo.
• Su definition and Syntax.
• Benefits of Su Command.
• What is Visudo?
• How To Give a User Sudo Privileges?
• How To Create Aliases?

3. SUDOERS
1. Background

4. FUNDAMENTALS OF NETWORK
ADMINISTRATION
•What is the difference between privilege and
permission .
•Design principles for protection mechanism
requirement .
•diagram a use case with Visual Paradigm

5. FUNDAMENTALS OF NETWORK
ADMINISTRATION
• A permission is a property of an object, such as a file. It says
which agents are permitted to use the object, and what they
are permitted to do (read it, modify it, etc.).
• A privilege is a property of an agent, such as a user. It lets the
agent do things that are not ordinarily allowed. For example,
there are privileges which allow an agent to access an object
that it does not have permission to access, and privileges
which allow an agent to perform maintenance functions such
as restart the computer.

6. PROTECTION MECHANISM
REQUIREMENT
• Least Privilege
• Should only have the rights necessary to complete your task.
• Default should be lack of access
• If access needed temporarily, then it should be rescinded right after
use
• Separation of Privilege
• Access to objects should depend on more than one condition being
satisfied
• Separation of duty
• Two person rule
• Isolation of Privilege

7. DIAGRAM A USE CASE WITH
VISUAL PARADIGM

8. SUDOERS
2. SUDO Command In Linux

9. SUDO COMMAND IN LINUX
• The Sudo command is:
the administrator can configure sudo to allow an
ordinary user to execute commands as a different user
(usually the superuser)
• Syntax is :
Sudo <command>

10. BENEFITS OF SUDO COMMAND IN
LINUX
• Running sudo gives you some benefits – so one hears:
• Using sudo records everything someone does as root.
• Using sudo prevents a user from running continually as
root, preventing errors.
• Using sudo prevents a user from having to know the root
password.
• Using sudo prevents a user from executing anything they
are not permitted to.

11. SU DEFINITION AND SYNTAX
• Su definition is:
The su command switches to the super user or root
user when you execute it with no additional options.
• Syntax:
Su <option>

12. BENEFITS OF SU COMMAND .
• Running SU gives you some benefits – so one hears:
• root account’s password may require.
• Switch to any user account .
• Exit is required .

13. VISUDO COMMAND IN LINUX
• The visudo command:
opens a text editor like normal, but it validates the syntax of the file upon
saving. This prevents configuration errors from blocking sudo operations,
which may be your only way of obtaining root privileges.
Traditionally, visudo opens the /etc/sudoers file with the vi text editor. Ubuntu,
however, has configured visudo to use the nano text editor instead

14. VISUDO COMMAND IN LINUX (CONT’D)
CHANGE TEXT EDITOR
• The command is :
• sudo update-alternatives --config editor
• The output is :

15. HOW TO GIVE A USER SUDO PRIVILEGES?
•The list of Commands are:
•sudo usermod -aG sudo <username>
•sudo gpasswd -a <username> sudo
•sudo usermod -aG wheel <username>
•sudo gpasswd -a <username> wheel

16. HOW TO CREATE ALIASES?
• There are four kinds of aliases:
• User_Alias
• Runas_Alias
• Host_Alias
• Cmnd_Alias
• Each alias definition is of the form:
• Alias_Type NAME = item1, item2, ...

17. KINDS OF ALIASES
• User Aliases
User aliases are used to specify groups of users. You can specify
usernames, system groups (prefixed by a %) and netgroups (prefixed by
a +) as follows:

18. KINDS OF ALIASES (CONT’D)
• Runas Aliases
Runas Aliases are almost the same as user aliases but you are allowed to
specify users by uid's. This is helpful as usernames and groups are
matched as strings so two users with the same uid but different
usernames will not be matched by entering a single username but can be
matched with a uid. For example:

19. KINDS OF ALIASES (CONT’D)
• Host Aliases:
A host alias is a list of hostname, ip addresses, networks and netgroups
(prefixed with a +). If you do not specify a netmask with a network the
netmask of the hosts ethernet interface(s) will be used when matching.

20. KINDS OF ALIASES (CONT’D)
• Command Aliases:
Command aliases are lists of commands and directories. You can use
this to specify a group of commands. If you specify a directory it will
include any file within that directory but not in any subdirectories.

21. USER SPECIFICATIONS
• User Specifications:
User Specifications are where the sudoers file sets who can run what as
who. It is the key part of the file and all the aliases have just been set up
for this very point.
• A user specification is in the format
• <user list> <host list> = <operator list> <tag list> <command list>

22. THE DEFAULT UBUNTU
SUDOERS FILE

23. REFERENCES
• privilege and permission:
https://www.bayt.com/en/specialties/q/35375/what-is-the-difference-
between-privilege-and-permission-in-computer-security/
• protection mechanism
http://www.cs.ucsb.edu/~kemm/courses/cs177/principles.pdf
• diagram a use case with Visual Paradigm
https://stackoverflow.com/questions/34951366/some-help-diagram-a-use-
case-with-visual-paradigm/34951532#34951532

24. REFERENCES (CONT’D)
• Sudo Definition and Syntax:
http://wiki.lib.sun.ac.za/images/c/ca/TLCL-13.07.pdf
• What is Visudo?,How To Give a User Sudo Privileges?:
https://www.digitalocean.com/community/tutorials/how-to-edit-the-
sudoers-file-on-ubuntu-and-centos
• Alias:
https://help.ubuntu.com/community/Sudoers
• Benefits of Sudo Command in Linux
https://administratosphere.wordpress.com/2009/04/14/sudo-bane-or-
benefit/

25. REFERENCES (CONT’D)
• Benefits of Su Command.
https://www.howtogeek.com/111479/htg-explains-whats-the-difference-
between-sudo-su/