Gnuru.org
Productive Linux



I Love Sudo. So Should You.
27 November 2008 @ 21:15 GMT
by Paul

This post reveals why you need sudo, a program that allows a user to execute a command as another user, e.g. root.

Using sudo means you don't have to log in as root to run system-administration commands. It removes the temptation of a type-and-be-damned approach to computing, and encourages you to think before prepending a command with 'sudo'.

In particular, if you try to run a command and find you can't, it makes you stop and think before running it again with 'sudo'.

Sudo also logs every command, so you can see who did what.

Even better than that, it allows fine-grained control over the commands that each user can run.

You should hardly ever have to run as 'root', and certainly hardly ever be in a position where you could type 'rm -rf /' without being forced to think about what it means.
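
To make the fine-grained control point concrete, here is an added example (not part of the original post): a small Python audit that reads sudoers-style text and reports, for each user or %group, whether the grant is an unrestricted ALL or a restricted command list. The sample policy, the names alice, bob and WEB, and the simplified grammar (no #include, no #uid entries, one host specification per line) are assumptions made for illustration.

```python
import re

# Constructed sample policy (not from the original post). Simplifications:
# no #include or #uid entries, one host specification per line.
SAMPLE_SUDOERS = r"""
# constructed example
Defaults    logfile=/var/log/sudo.log
Cmnd_Alias  WEB = /usr/sbin/apachectl restart, \
                  /usr/bin/systemctl reload nginx
root        ALL=(ALL) ALL
%admin      ALL=(ALL) ALL
alice       ALL=(root) WEB
bob         ALL=(root) NOPASSWD: /usr/bin/apt-get update, ALL
"""

def logical_lines(text):
    """Join backslash continuations, then drop comments and blank lines."""
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def audit(text):
    """Map each user or %group to 'unrestricted' or its list of allowed commands."""
    aliases, grants = {}, {}
    for line in logical_lines(text):
        alias = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if alias:
            aliases[alias.group(1)] = [c.strip() for c in alias.group(2).split(",")]
            continue
        if re.match(r"(Defaults|User_Alias|Host_Alias|Runas_Alias)\b", line):
            continue
        # who  host = (runas) [TAG:] command, command, ...
        rule = re.match(r"(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.+)", line)
        if not rule:
            continue
        who, spec = rule.groups()
        for item in spec.split(","):
            # Strip tags such as NOPASSWD: before looking at the command itself.
            item = re.sub(r"^\s*(?:[A-Z_]+:\s*)+", "", item).strip()
            grants.setdefault(who, []).extend(aliases.get(item, [item]))
    # A single ALL anywhere in the list makes the whole grant unrestricted.
    return {w: "unrestricted" if "ALL" in c else c for w, c in grants.items()}

if __name__ == "__main__":
    for who, cmds in audit(SAMPLE_SUDOERS).items():
        print(f"{who:8} {cmds}")
```

The bob entry shows the case worth checking for: a list that starts with one specific command but ends in ALL is still an unrestricted grant. On a live system, sudo -l -U <user> reports the effective rules for one account.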




Even for me, sudo is helpful.

//Jadu


Posted by Jadu Saikia on 2008-11-30 09:58:08.

sudo is fine as long as the particular user can only execute a restricted list of commands. If sudo -l says ALL then it's, in my opinion, worse than having a root account, as you then only need somebody to gain access to your account password and they now can gain access to root. Personally, for security and if you know what you are doing, I prefer having a separate root account that's used as it's supposed to be used, i.e. only when really required for installing software system-wide etc. With a typical user / root setup, if somebody gained access to my home account, i.e. they know the password, they would have a lot more difficulty gaining access to my root account, as its password is a strong password of over 20 characters long.

sudo is useful for new users as long as it has a restricted command list.

Personally I prefer to use the traditional method and teach people NOT to run routinely as root.

Regards


Posted by Nick on 2009-10-21 11:55:40.

Just to clarify, when I say sudo (with no restricted commands) is worse than having a root account, I mean when root has no login (as in the case of Ubuntu), i.e. your home account and sudo command use the same password; hence if somebody manages to obtain your account password, because they now know your account password they don't need to know the root password to gain access to root. Under openSUSE sudo is available for users; however, unless you are in the list you have to provide the root password. To me, having root login adds a second layer of security that sudo removes for convenience. Don't get me wrong, I use sudo and find it useful, i.e. in allowing some users restricted access to root. I'm not convinced Ubuntu's method is more secure. I think they have basically used sudo to stop users running their desktop as root (not a good thing, unless you are aware of the risks!).

So in summary, if you use the traditional distro that has a root login, DON'T run your programs as root, always run as a user; and if you run Ubuntu and use sudo (hopefully with restrictions on what you can do) then you should be OK unless somebody gains access to your account password; then they have system-wide access, presumably, as sudo on Ubuntu requires you to only enter your user account password and not a superuser password.

Regards


Posted by Nick on 2009-10-21 12:19:33.

Nick, I agree with you. I think Ubuntu's way of doing things is a big security hole. It might be OK on a desktop that is used only for recreation... but still.

I prefer to restrict sudo access to commands that users really need to run.


Posted by Paul (registered user) on 2009-10-22 09:34:13.