Sudo Simplified: Understanding Root, Setuid & Secure Command Execution

6/25/2025
Biisal


Learn how Linux’s sudo works—from root privileges and setuid to secure, audited command execution. This step-by-step guide explains user UIDs, sudoers configuration, timestamp caching, fork‑exec flow, and logging best practices.


Become GOD of your system :)

Basic info

sudo comes from “Superuser Do”

It was created to perform things that only the root user can perform.

But what is the root user?

  • In Linux, root is the most powerful user. It has full power over the system; it can even break the system by running a few simple commands :]
  • A root user can read, write, or delete any file,
    can install or remove any software,
    can add or remove any user account
  • Can change system settings, including networking, firewalls, kernel modules, and more. It has GOD mode :)
  • If you are logged in as root, every command already runs with root privileges (no sudo needed); if you run a command through sudo, that command runs as root.

Core Design of SUDO

  • sudo is written in C. C gives direct access to system calls and memory.

    System calls are how user programs interact with the OS (the kernel).
    Imagine the kernel is a locked office, and your program is a visitor:
    You can’t walk in.
    You fill out a request form (a system call).
    The receptionist (the kernel) processes it for you and sends back the result.
    That direct access to system calls is what sudo needs.
  • Every Linux user has a UID, which can be 1000, 1001, or any other number. However, the UID of the root user is always 0.
    Check yours by running `id -u`, or look up a user by name with `id -u root`.
    This UID is essential for sudo.
  • sudo uses a special permission bit called setuid, which allows the program to run with root privileges temporarily, for the duration of that invocation.
  • The setuid bit tells the Linux kernel to run the program with the UID of the file owner instead of the UID of the user who launched it. Since the sudo binary is owned by the root user (UID 0), this causes the kernel to run the program with an effective UID of 0. You can see the bit with `ls -l /usr/bin/sudo`: the `s` in `-rwsr-xr-x` (in place of the owner's `x`) is the setuid bit, and the file must be owned by root for it to grant root.

Configuration

  • The configuration file of sudo is located at /etc/sudoers
  • The file defines who can run sudo
  • What commands they can run
  • Whether they need a password or not
  • It is very important for your system because
    it can prevent giving full root access to every user.
    You can control permissions per user, like:
    some users can run everything as root,
    some can run specific commands only,
    some can run sudo without a password.
  • Only the root user can modify it (or using sudo :))
  • It’s better to edit the file using the visudo command. Full command:
sudo visudo
  • visudo checks the syntax before saving the file. This matters because a syntax error in /etc/sudoers makes sudo refuse to run for everyone, which can lock you out of root.
  • Example content of sudoers:
# Allow members of group wheel to execute any command
%wheel ALL=(ALL:ALL) ALL

# Allow user userbiisal to restart nginx without password
userbiisal ALL=(ALL) NOPASSWD: /bin/systemctl restart nginx
  • Many modern distros also use the directory /etc/sudoers.d/
  • It allows adding separate config files without modifying the main file, which is cleaner to manage.
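As an added example (not from the original post or the sudo project), here is a small Python parser for user specifications in the format shown above, plus a simplified version of the "check sudoers rules" step: does a rule allow this user to run this command, and is a password still required? It handles only plain rules like the two above (no aliases, wildcards or host matching), and the sudoers text it reads is constructed, not a real system file.

```python
import re
from dataclasses import dataclass

# Constructed sudoers excerpt in the format shown above (not a real system file).
SUDOERS = """\
# Allow members of group wheel to execute any command
%wheel ALL=(ALL:ALL) ALL
# Allow user userbiisal to restart nginx without password
userbiisal ALL=(ALL) NOPASSWD: /bin/systemctl restart nginx
"""
# One user specification: who, on which host, as whom, optional tag, command.
RULE_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>\S+)\s*=\s*\((?P<runas>[^)]*)\)\s*"
    r"(?:(?P<tag>NOPASSWD|PASSWD):\s*)?(?P<cmd>.+?)\s*$"
)
@dataclass
class Rule:
    who: str         # a user name, or %group for a group
    runas_user: str  # user half of (user:group); "ALL" means any target user
    tag: str         # "PASSWD" (the default) or "NOPASSWD"
    command: str     # "ALL" or one explicit command line

def parse_sudoers(text):
    """Parse plain user specifications; aliases and wildcards are not handled."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m: raise ValueError(f"unsupported sudoers line: {line}")
        runas_user = m.group("runas").split(":")[0].strip() or "root"
        rules.append(Rule(m.group("who"), runas_user,
                          m.group("tag") or "PASSWD", m.group("cmd")))
    return rules

def check(rules, user, groups, command, runas="root"):
    """Return (allowed, needs_password). As in sudo, the last matching rule wins."""
    verdict = (False, True)
    for r in rules:
        who_ok = r.who == user or (r.who.startswith("%") and r.who[1:] in groups)
        runas_ok = r.runas_user in ("ALL", runas)
        cmd_ok = r.command in ("ALL", command)
        if who_ok and runas_ok and cmd_ok:
            verdict = (True, r.tag != "NOPASSWD")
    return verdict

def audit(rules):
    """Rules a reviewer looks at first: passwordless grants and unrestricted ALL."""
    return [r for r in rules if r.tag == "NOPASSWD" or r.command == "ALL"]
```

Running `audit(parse_sudoers(SUDOERS))` flags both rules above: one grants ALL, the other is passwordless; that is the review you would do on a real /etc/sudoers and /etc/sudoers.d/ before trusting them.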

What happens when you run sudo

  1. Authenticate the user by prompting for a password.
  2. Check the sudoers rules to ensure the user is allowed to run the command.
  3. Cache the authentication for some time (default 5 min) using a timestamp file in /var/run/sudo/ts/ (or a similar path, depending on the distribution); the password itself is not stored.
  4. Fork & exec: The sudo binary forks itself, drops unnecessary privileges, then execs the requested command under the target UID.
    sudo creates a new process — a child — by forking.
    The child process runs the actual command while the parent handles logging, security checks, and exits after setup.
  5. Logging: every sudo invocation is recorded in syslog (readable with journalctl on systemd systems), capturing the user, terminal, command, etc.

Flow

You type: `sudo cmd`  
│  
├──❯ Kernel sees setuid → runs binary with effective UID = root  
│  
├──❯ sudo checks /etc/sudoers for permission  
│  
├──❯ sudo authenticates user via password  
│  
├──❯ Forks & creates child process → drops unneeded privileges  
│  
├──❯ Executes ‘cmd’ as root  
│  
└──❯ Logs actions and outputs the result

So yes, sudo makes you god of your system, but temporarily and safely (•‿•)