0

I've been using Linux on and off (almost exclusively off) for over a year. From everything I've read, including this, you can only get temporarily elevated privileges if your account is an "sudoer". But you enter the password for the account from which you are using sudo. There is no extra knowledge that you have to provide in order to get access to the elevated privilege.

I can see how this prevents users who already have access to elevated privileges from making serious mistakes, since they spend most of the time in a mode without elevated privileges. But it doesn't really serve the same purpose as (say) in Windows, where you can initiate elevated operations from an unelevated account, as long as you provide the login information of an elevated account. I like the greater barrier that this offers to the execution of privileged operations compared to making an account into an sudoer account.

While posting to ask if there a simple way to accomplish this in Ubuntu, I was provided hints that led me to a possible solution: Adding Defaults targetpw to /etc/sudoers using sudo visudo [1]. I don't want to blithely do this without confirming that it accomplishes the above without compromising security in some unanticipated way. Can those experienced with the use of /etc/sudoers please confirm this?

Afternote

I responded to the question of whether this answers my question, and I clicked "Yes". My question became marked as a duplicate question. But the question is not duplicate, it's just that the answer applies to my question. I don't ask how to use sudo from a standard account. I ask how to perform elevated functions, which could be using sudo or some other means. As it turns out, one answer isn't to use sudo from a standard account, but to transfer to a sudoer account. So the answer doesn't even address the question that I'm presumably duplicating. Another answer uses pkexec, which also answers my question, but again, not the question that I'm presumably duplicating. Therefore, my question adds value because people will not find those two answers unless they specifically search for sudoing from a nonsudoer account, which those answers do not answer (and which the user might not be seeking).

Notes

[1] E.g., here and here

user2153235
  • 193

2 Answers2

2

If you're looking for something like this:

initiate elevated operations from an unelevated account, as long as you provide the login information of an elevated account.

Using su to temporarily run commands as another user is very similar.

To use this command, open a terminal and run:

su username

Replace username with the user you want to run commands from temporarily.

This will switch the open shell to that user. Run the commands you want to run.

When you're finished, type exit to finish the session and return the shell to the original user.

Nmath
  • 12,664
1

It's not at all clear to me why sudo can't do what you want.

Create a separate user with a strong password for everyone who needs sudo access. This is much more secure than sharing an admin password between users.

Give them sudo access to the commands they need.

If someone with sudo access needs to be root for more commands, you can run sudo -s to get a root shell.

Artur Meinild
  • 31,035