2

I recently spent quite a lot on a VPS for my business and have begun setting up SSH and a cPanel account for each of my sites.

I started to install Composer on an account but need root privileges. My question is: if you are using sudo as a privileged user, can you bring down the whole server if you make a bad mistake, or do changes only affect that specific user account and not root?

Building on this, is the account completely isolated from root, or can you put the whole server at risk potentially (if you tried really hard)? Is sudo exactly the same as root access but only within the account? Are you just switching to root? Is there any way to limit the damage I could cause to just the user account? Is sudo the best way to install packages on my accounts?

JPB
  • 145
  • 1
    Sidenote: you can install composer to ~/bin/ for example, and after adding it to your user's PATH you can use it like it was installed system-wide. – Maerlyn Aug 11 '17 at 10:22
  • Thanks, this looks like the best approach. I guess this goes for git and nodejs as well? – JPB Aug 14 '17 at 06:42
  • 1
    Not sure about git, but node can be installed per-user, check out nvm (node version manager) – Maerlyn Aug 14 '17 at 10:34

2 Answers

8

When you invoke sudo (without an explicit user argument), you are effectively root for the duration of that command. If the command launches a new shell, all commands run from that shell are also root. So yes, anything you do with sudo can affect the entire server.

For more detail on exactly how it works, see the following Unix StackExchange question:

How does sudo really work?

Ryan Bolger
  • 16,840
  • Thanks, I just came to that conclusion after reading about sudo rm -rf. Is there a user argument that provides the best of both worlds, e.g. install packages to addon domain but limit changes to that account? – JPB Aug 11 '17 at 04:10
  • 1
    @JPB: That's a very fuzzy border. Adding packages sounds fairly fine. But removing packages can obviously break things. What about updating packages? Virtual machines might be a viable alternative, as root on the VM host isn't the same account as the root inside the VM. – MSalters Aug 11 '17 at 14:12
4

With sudo (or rather the /etc/sudoers and /etc/sudoers.d/* drop-in configuration files) an administrator can grant unprivileged users the ability to run certain commands and programs as root or any other user.

How you configure that, which elevated privileges you grant, is what determines if there is any risk.

If you use sudo as intended and only grant access to a limited set of commands, then a user can't do much harm beyond what those commands allow (see the note below).

On the other hand, if you are a cargo cult system administrator and blindly copy the typical ACL:

username    ALL=(ALL)   ALL

then you grant username the rights to run any command as root or any other user and all bets are off.


Note: There are numerous commands that, with sudo, will effectively grant much more access than you expect, such as sudo vim <file> and other editors, backup tools like tar and unzip, etc.

HBruijn
  • 80,330
  • 24
  • 138
  • 209
  • Upvoted, thanks for the info. I'm thinking a jail shell might be what I'm after? – JPB Aug 14 '17 at 06:40
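One way to check a sudoers file for the two cases the second answer describes (a blanket ALL grant, and a limited grant that names a program from its note), as an added example that is not part of the original answers. The function name audit_sudoers and the sample rules are constructed for illustration, and the parser assumes single-line user rules without aliases, line continuations or escaped commas.

```python
import re

# Programs the answer's note names as granting more access than expected
# under sudo. Extend this set for your own environment.
ESCAPE_CAPABLE = {"vim", "tar", "unzip"}

# user host=(runas) commands ; the (runas) part is optional in sudoers
RULE = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
                  r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$")
SKIP = re.compile(r"^(#|Defaults|(User|Runas|Host|Cmnd)_Alias\b)")

def audit_sudoers(text):
    """Return (who, severity, reason) for every risky command grant."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or SKIP.match(line):
            continue  # blanks, comments, includes, Defaults, aliases
        m = RULE.match(line)
        if not m:
            continue
        who = m.group("who")
        runas = m.group("runas") or "root"  # sudo runs as root when omitted
        for cmd in m.group("cmds").split(","):
            # Drop tags such as NOPASSWD: in front of the command.
            cmd = re.sub(r"^\s*(?:[A-Z_]+:\s*)+", "", cmd).strip()
            if cmd == "ALL":
                findings.append((who, "high", f"any command as {runas}"))
                continue
            prog = cmd.split()[0].rsplit("/", 1)[-1]
            if prog in ESCAPE_CAPABLE:
                findings.append(
                    (who, "medium", f"{prog} reaches beyond its listed purpose"))
    return findings

# Constructed sample rules, not taken from any real host.
SAMPLE = """\
Defaults env_reset
username    ALL=(ALL)   ALL
deploy      ALL=(root)  NOPASSWD: /usr/bin/systemctl restart nginx
backup      ALL=        /bin/tar, /usr/bin/unzip
editor      ALL=(root)  /usr/bin/vim /etc/nginx/nginx.conf
"""

if __name__ == "__main__":
    for who, severity, reason in audit_sudoers(SAMPLE):
        print(f"{severity:6} {who:10} {reason}")
```

Syntax validation of a real file still belongs to visudo -c; this only reports what the rules grant.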