This is just me wanting to understand 'sudo' better.

I am logged in to my Ubuntu 18.04LTS machine as 'alan' which is a normal user, and is a member of the 'sudo' group:

```
$ groups
alan adm cdrom sudo dip plugdev lpadmin sambashare
```

First I did this (I have correctly entered my password):

```
sudo touch /lost+found/test.file
```

I get these:

```
$ ls /lost+found/
ls: cannot open directory '/lost+found/': Permission denied
```

and

```
$ sudo ls /lost+found/
test.file
```

That is completely what I would expect. However, I don't understand why I get this:

```
$ sudo -u alan ls /lost+found/
ls: cannot open directory '/lost+found/': Permission denied
```

Why can't I run an 'admin' command, as myself, if I am a member of the sudo group, and I have entered my password?

Clearly I don't understand how 'sudo', or more specifically, 'sudo -u' works :-)

Alan
  • Smells like a possible permission issue: Show us the complete output of `ls -l /` in your question above. – user535733 Apr 04 '20 at 01:00
  • `$ sudo ls -l /lost+found/` `total 0` `-rw-r--r-- 1 root root 0 Apr 4 14:02 test.file` – Alan Apr 04 '20 at 01:02
  • `sudo -u alan ` won't give superuser privileges. This will switch to user alan. This comes in handy when you want to execute commands as another normal user. – Kulfy Apr 04 '20 at 01:02
  • Perhaps it would help if you think of `sudo ls` as shorthand for `sudo -u root ls`? The privileges you get are *those of the target user* – steeldriver Apr 04 '20 at 01:03
  • @Kulfy: Do you mean that `sudo -u` ONLY switches temporarily to a different user? Is it meaningless to use `sudo -u alan` (when logged in as alan)? – Alan Apr 04 '20 at 01:03
  • @steeldriver: Do you mean that, as 'alan' does not have permission to read /lost+found, running the `ls` command via `sudo -u` still won't give 'alan' that permission? If so, what is the point of `sudo -u`? – Alan Apr 04 '20 at 01:05
  • @Alan Absolutely. You answered yourself :) – Kulfy Apr 04 '20 at 01:08
  • @Kulfy: Okay - Thanks :-) – Alan Apr 04 '20 at 01:09
  • `sudo -u username` runs the command as a user but does not switch to the user. Once the command is done, the shell is back to the logged-in user. `sudo su - username` will switch to the user, since `su` is used to switch user. However, `su - root` will not switch to the root user by default in Ubuntu since the `root` user is disabled by default. `sudo su - root` will switch to the root user. – Terrance Apr 04 '20 at 01:21
  • Does this answer your question? [Undeletable directory in lost+found](https://askubuntu.com/questions/794262/undeletable-directory-in-lostfound) – karel Apr 04 '20 at 01:30
  • Hi All - Yes, I think I understand how. Thank you to everyone :-) Not sure how to close off the question, when all the answers have been posted as 'comments' rather than answers though? – Alan Apr 04 '20 at 02:06
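
The point made in the comments, as an added example that is not part of the thread or any participant's code: the directory check depends only on the uid and groups the command runs with, so `sudo -u alan` gets alan's result and plain `sudo` (root) gets root's. The function names `may_list` and `demo`, gid 27 as a sample group, and mode 700 for the stand-in directory are assumptions; GNU `stat` is required, and ACLs and capabilities are ignored.

```shell
#!/bin/sh
# Added example, not from the thread. Models the classic owner/group/other
# check the kernel applies when a process opens a directory for listing.
# Assumptions: GNU stat (as on Ubuntu); ACLs and capabilities are ignored.

# may_list UID "GID GID ..." DIR  -> returns 0 if listing is allowed, 1 if denied
may_list() {
    uid=$1 gids=$2 dir=$3
    # sudo with no -u runs the command as root, and uid 0 bypasses the mode bits.
    [ "$uid" -eq 0 ] && return 0
    info=$(stat -c '%u %g %a' "$dir") || return 2
    set -- $info
    owner=$1 group=$2
    perm=$(( 0$3 ))          # leading 0 makes the shell read the mode as octal
    # Exactly one permission class applies: owner, else group, else other.
    if [ "$uid" -eq "$owner" ]; then
        bits=$(( (perm >> 6) & 7 ))
    else
        bits=$(( perm & 7 ))
        for g in $gids; do
            if [ "$g" -eq "$group" ]; then
                bits=$(( (perm >> 3) & 7 ))
                break
            fi
        done
    fi
    [ $(( bits & 4 )) -ne 0 ]    # opening a directory for listing needs the read bit
}

# Demo on a constructed stand-in for /lost+found (mode 700 is an assumption).
demo() {
    d=$(mktemp -d) && chmod 700 "$d" || return 1
    other=$(( $(stat -c %u "$d") + 1 ))      # any uid that is not the owner
    for id in 0 "$other"; do
        # 27 is a constructed sample gid standing in for a group such as sudo
        if may_list "$id" "27" "$d"; then r=allowed; else r=denied; fi
        echo "uid $id listing $d: $r"
    done
    rmdir "$d"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh script.sh demo` to print both cases; membership in a group that sudoers trusts changes what `sudo` will let you run, not the outcome of this check for your own uid.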

0 Answers