sudo - do you use it? Should I use it?


Post by penetrode » Tue Aug 24, 2021 7:10 am

I'm a long-time Gentoo user who always does anything requiring root using su.

Recently I've had to do more work using Ubuntu, known for its "no root password" philosophy. sudo takes some getting used to, but it does work. I appreciate the regular reminders that I'm tinkering with sensitive internals.

I don't have a dog in this fight, but I was wondering what other Gentoo users thought about this. Are you using sudo yourself? Are you actively not using sudo for "reasons"?

Post by alamahant » Tue Aug 24, 2021 7:47 am

I find it extremely annoying having to precede everything with sudo even if it is passwordless sudo.
So I mostly use the root account when in terminal.
Just be mindful that you can wreck your system if you do something really foolish.
:)

Post by penetrode » Tue Aug 24, 2021 7:50 am

alamahant wrote:I find it extremely annoying having to precede everything with sudo even if it is passwordless sudo.
So I mostly use the root account when in terminal.
Just be mindful that you can wreck your system if you do something really foolish.
Normally you only need to enter the password at preset intervals, although I am pretty sure that is configurable.

Post by Ionen » Tue Aug 24, 2021 8:34 am

I only use it for preset commands (which are the only things it's allowed to run, and they take no arguments), e.g. `sudo do-this-specific-thing-passwordless`, otherwise I just su - normally.

Been meaning to replace sudo with doas but haven't got to looking at it yet.
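
An added example, not part of the thread or anyone's actual configuration: in sudoers, a command listed with no argument specification may be run with any arguments, while a trailing `""` allows it only with none, which is what "they take no arguments" in the post above relies on. The script classifies every NOPASSWD grant in sudoers-style text accordingly; the sample rules, the user names alice and bob, and the script path are constructed.

```shell
#!/bin/sh
# Added example: classify every command granted under NOPASSWD in sudoers text.
# Simplified on purpose: one rule per line, no Cmnd_Alias expansion, no line
# continuations, no included files.

audit_sudoers() {
    awk '
    /^[ \t]*#/        { next }   # comments (also skips #include lines)
    /^[ \t]*$/        { next }   # blank lines
    /^[ \t]*Defaults/ { next }   # option lines grant nothing
    {
        i = index($0, "NOPASSWD:")
        if (i == 0) next         # rule still prompts for a password
        who = $1
        n = split(substr($0, i + length("NOPASSWD:")), c, ",")
        for (k = 1; k <= n; k++) {
            cmd = c[k]
            gsub(/^[ \t]+|[ \t]+$/, "", cmd)
            if (cmd == "") continue
            sp = match(cmd, /[ \t]/)
            path = (sp ? substr(cmd, 1, sp - 1) : cmd)
            args = (sp ? substr(cmd, sp + 1) : "")
            sub(/^[ \t]+/, "", args)
            if (path == "ALL")        v = "UNRESTRICTED"   # any command at all
            else if (sp == 0)         v = "ANY-ARGS"       # caller picks arguments
            else if (args == "\"\"")  v = "NO-ARGS"        # must run with none
            else if (args ~ /[*?]/)   v = "WILDCARD-ARGS"  # pattern-matched arguments
            else                      v = "FIXED-ARGS"     # exact arguments only
            print who, v, path
        }
    }'
}

# Count grants where the caller controls the command or its arguments.
risky_count() {
    audit_sudoers | awk '$2 != "NO-ARGS" && $2 != "FIXED-ARGS" { n++ } END { print n + 0 }'
}

# Constructed sample input; user names and the script path are hypothetical.
sample_sudoers() {
    cat <<'EOF'
Defaults timestamp_timeout=5
%wheel  ALL=(ALL) ALL
alice   ALL=(ALL) NOPASSWD: ALL
mythtv  ALL=(root) NOPASSWD: /sbin/halt, /sbin/reboot ""
bob     ALL=(root) NOPASSWD: /usr/local/sbin/do-this-specific-thing ""
EOF
}

sample_sudoers | audit_sudoers
```

The `%wheel` rule is not reported because it still requires a password; only the NOPASSWD grants are classified.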

Post by penetrode » Tue Aug 24, 2021 9:58 am

Ionen wrote:I only use it for preset commands (which are the only things it's allowed to run, and they take no arguments), e.g. `sudo do-this-specific-thing-passwordless`, otherwise I just su - normally.

Been meaning to replace sudo with doas but haven't got to looking at it yet.
What makes doas better?

Post by fedeliallalinea » Tue Aug 24, 2021 10:04 am

penetrode wrote:What makes doas better?
In the end it does the same job as sudo but it would seem easier to configure.
Questions are guaranteed in life; Answers aren't.

"Those who would give up essential liberty to purchase a little temporary safety,
deserve neither liberty nor safety."
- Ben Franklin
https://www.news.admin.ch/it/nsb?id=103968

Post by Goverp » Tue Aug 24, 2021 10:49 am

I'm a "su - root" person. IMHO sudo's user-level validation is a security weakness. On systems that use it (Raspian OS) I use "sudo su -", which sort of defeats the object. OK, it can and should be more strictly configured, but who wants to list all commands they expect to need?
Greybeard

Post by Jaglover » Tue Aug 24, 2021 10:59 am

'sudo su -' ? Looks clumsy.

Correct usage would be 'sudo -i'.
My Gentoo installation notes.
Please learn how to denote units correctly!

Post by pietinger » Tue Aug 24, 2021 11:10 am

Goverp wrote:I'm a "su - root" person. IMHO sudo's user-level validation is a security weakness. [...]
+ 1 !!! I have never used sudo and will never do. Without a restricted and correct configuration IT IS a security weakness.

Post by CooSee » Tue Aug 24, 2021 11:29 am

pietinger wrote:
Goverp wrote:I'm a "su - root" person. IMHO sudo's user-level validation is a security weakness. [...]
+ 1 !!! I have never used sudo and will never do. Without a restricted and correct configuration IT IS a security weakness.
+2

never ever - why should I on a single user system?
" Reality is an illusion that arises from a lack of honest communication "
---
" Man is curious by nature; what remains in the end is greed "

Post by tld » Tue Aug 24, 2021 1:37 pm

It's annoying how everything you google about Linux seems to show "sudo <whatever>", which as I recall was started by Ubuntu...where by default I don't think root even had a password(?). Annoying as hell. I always use "su -" for anything I need to do.

The only exception here is that I have it on my MythTV frontend machine to allow the mythtv user to halt or reboot from the MythTV program.

Tom

Post by NeddySeagoon » Tue Aug 24, 2021 1:50 pm

I use sudo to protect me from myself for odd commands.
If I need to do a lot of things as root I sudo su -

At my age, I need to be protected from myself :)
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

Post by Tony0945 » Tue Aug 24, 2021 2:14 pm

CooSee wrote:
pietinger wrote:
Goverp wrote:I'm a "su - root" person. IMHO sudo's user-level validation is a security weakness. [...]
+ 1 !!! I have never used sudo and will never do. Without a restricted and correct configuration IT IS a security weakness.
+2

never ever - why should I on a single user system?
+3

Post by pa4wdh » Tue Aug 24, 2021 3:08 pm

I prefer su over sudo for my personal systems.

The usual configuration for sudo (although this can be changed) is that a user can execute programs as root. If a password is required it's usually the user's own password.

To get to root this means:
With su you need a user's password (to get in in the first place, you did disable root logins, didn't you? :) ) and the root password to gain root privileges.
With sudo you need a user's password ... and the same user's password again to gain root privileges.

So with sudo you effectively have just as many "root" passwords as you have sudo-capable users, which in my book is worse for security than having a single root password :)
The gentoo way of bringing peace to the world:
USE="-war" emerge --newuse @world

My shared code repository: https://code.pa4wdh.nl.eu.org
Music, Free as in Freedom: https://www.jamendo.com

Post by Hu » Tue Aug 24, 2021 3:44 pm

I don't use sudo on personal use systems. On a shared system, particularly one where the peers may not be in the same office or timezone, sudo is convenient because it means nobody is passing around the root password as people gain/lose permission to use root on a given system.

Post by trilithium » Tue Aug 24, 2021 3:52 pm

I used sudo for several years but replaced it with doas relatively recently; the final straw was yet another serious flaw found in sudo. doas solves exactly the problem of performing commands with root privileges without needing a root password configured which conveniently is all I need the tool to do. Browsing through the most important parts of the source code also inspired confidence, the developers clearly value reliability and safety as highly as I do. I am quite happy with doas.
Last edited by trilithium on Tue Aug 24, 2021 4:13 pm, edited 1 time in total.

Post by pjp » Tue Aug 24, 2021 3:53 pm

Goverp wrote:I'm a "su - root" person. IMHO sudo's user-level validation is a security weakness. On systems that use it (Raspian OS) I use "sudo su -", which sort of defeats the object. OK, it can and should be more strictly configured, but who wants to list all commands they expect to need?
I was mainly going to suggest /usr/bin/sudo /bin/su - as a workaround when needed. The primary benefit being the lack of a root password. I use sudo for simple commands and combine it with su if doing something more involved.

sudo does have its limitations, particularly when using pipes or redirecting output. There are workarounds, but as I don't frequently encounter those scenarios, I don't remember them off-hand when needed.

The easiest way to get around basic sudo security issues is to require a password. After that, I don't see a particular benefit in trying to list a lot of commands when they are to be used by the administrator. I have done so for non-administrator usage, and while it isn't simple, I didn't find it to be too horrible until incorporating external authentication (samba / AD).

One common pattern seems to be that when people adapt to a behavior, it becomes somewhat automatic. So when you regularly use "su", it is easy to "forget" you're running as root. The same is true for sudo or any other security mechanism that allows for the subconscious autopilot response.

Then there's the security "problem" that use of alias is not restricted and it is common for people to presume the command they intend to run is the one that executes.

Code:

$ su -
Land shark. -

Oh, and in some environments, compliance requires being able to determine who did what.
Quis separabit? Quo animo?

Post by Hu » Tue Aug 24, 2021 4:55 pm

To protect against the issue of being root and not knowing it, I use customized shell prompts. My personal account's prompt and my root account's prompt are visually distinct, so I'd have to be very inattentive to run a command in the wrong one. Also, where possible, I try to maintain other conventions, like that the root terminal is in a particular place on the screen.

Post by pjp » Tue Aug 24, 2021 10:15 pm

I've tried those approaches as well. I am apparently good at filtering "noise" such as different prompts. Including certain colors to draw attention. I've also worked in situations where color didn't always work, so that was an unreliable solution.

What I've found most helpful has been to invert the foreground / background use of light / dark. If a normal user has a dark background, then the terminal where root is being used should use a light background.

That seems to have solved the issue of accidentally pasting something in the wrong window. And I dislike working directly as root enough that I can usually "get in and out" quickly for that to not specifically be a problem. Excluding chroots.

The issue for which I haven't come up with a good solution is when going through a lot of data or repetitive tasks manually and using history to rerun commands. I typically use sudo for that, and it can be too easy to make a mistake. I'm fairly certain that while cleaning up data using fdupes that I deleted some stuff that I hadn't yet verified suitable for removal. Fortunately that was only personal data that is mostly only useful for historical reasons, and most of which I'll probably delete once I've gone through it. That also happens to be when I stopped using fdupes (and have not yet found a replacement).
Quis separabit? Quo animo?

Post by szatox » Wed Aug 25, 2021 9:44 am

My primary use for sudo is passwordless "sudo su -"
Pretty much anything I do on any server requires elevated permissions anyway, so I just roll with "the gun is always loaded"

Post by guitou » Wed Aug 25, 2021 5:55 pm

Got quite used to

Code:

sudo -i /bin/bash

on servers, and keep going with traditional

Code:

su -

on my own comps.

++
Gi)

Post by figueroa » Thu Aug 26, 2021 4:11 am

I always set a root password. Whenever I'm doing repeated administrator chores, I always su to root. My root password(s) are "safe," meaning difficult, long, and exotic.

On multiuser systems that I administer, I do not share the root password. Only one trusted agent also has access to the root password(s) (as a failsafe) and that person does not use it, and would have to go fetch it if I were to be hit by a truck. I rarely allow users to use sudo.

I do use sudo personally almost every day, locally and remotely, when I just need to run a single command, or possibly a couple of planned commands back to back. My personal passwords are also "safe."

Running passwordless sudo, which I did for years, is not safe. Doing so is effectively the same as being root all the time by only using the prefix sudo. Having to enter a password with sudo helps keep me safe from myself.

There is no danger of my confusing my root shell with my personal shell. My personal shell and root shell prompts are dramatically different, in form and color.

I also use the following aliases (.bashrc or .bash_aliases) in personal and root shells:

Code:

alias rm='rm -i'
alias mv='mv -i'
alias cp='cp -i'

I use almost 20 aliases, these are the three important ones.

I'm not likely to be persuaded to switch from sudo to doas. I would find the change very difficult.

ADDED: Tentatively, aliasing sudo='sudo ' will usually, but not reliably, cause sudo to pick up your other aliases.
Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi -wayland

Post by szatox » Thu Aug 26, 2021 1:30 pm

figueroa wrote: I always set a root password. Whenever I'm doing repeated administrator chores, I always su to root. My root password(s) are "safe," meaning difficult, long, and exotic.

https://xkcd.com/936/

figueroa wrote: Running passwordless sudo, which I did for years, is not safe. Doing so is effectively the same as being root all the time by only using the prefix sudo. Having to enter a password with sudo helps keep me safe from myself.

True. Passwordless sudo is a convenience device, not a security device.
When you have a whole bunch of administrators with automation tools (*cough* Ansible *cough*), it helps with logging a bit.

figueroa wrote: I also use the following aliases (.bashrc or .bash_aliases) in personal and root shells:

Code:

alias rm='rm -i'
alias mv='mv -i'
alias cp='cp -i'

Ouch! This thing.... It's one of those ideas that look good on paper, but in reality it takes additional effort and gives you bad habits in return.
I mean... If you want to do that, go ahead, but I'm gonna keep you safely away from my machines :lol:

Post by figueroa » Thu Aug 26, 2021 1:47 pm

szatox wrote:
figueroa wrote:I always set a root password. Whenever I'm doing repeated administrator chores, I always su to root. My root password(s) are "safe," meaning difficult, long, and exotic.
https://xkcd.com/936/
Cute cartoon. If you only knew + Fail2Ban.
+ADDED: rm -rf *
Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi -wayland

Post by Tony0945 » Thu Aug 26, 2021 4:53 pm

Re passwordless sudo. I'm not sure what is meant. Anyone can sudo without a password? IOW everyone is root?
Or only named users in sudoers can sudo without a password? That's what I do on my single user system.
A better idea would be to change permissions on a few programs from "root" to "wheel", so that users cannot run arbitrary programs as root but can run, for example, gsmartcontrol.
Top