LinuxQuestions.org
Poll: Do you use sudo or the root account to gain root privileges?
The nominees are:

sudo
log in as root

Old 03-08-2011, 09:32 PM   #16
Kenny_Strawn
Senior Member
 
Registered: Feb 2010
Location: /usa/ca/orange_county/lake_forest
Distribution: ArchBang, Google Android 2.1 + Motoblur (on Motorola Flipside), Google Chrome OS (on Cr-48)
Posts: 1,791
Blog Entries: 62

Original Poster
Rep: Reputation: 55

In my opinion, as SL00b said, using 'sudo su -' or 'sudo bash' does the same that su does. On top of this, if you don't want the security risks associated with allowing multiple users full sudo access, just configure PolicyKit to use sudo (as Ubuntu does) and configure the users (other than you) to have certain admin rights, such as mounting/unmounting devices, but not others, for example deleting files or installing/removing software (though you might want those users to be able to install updates). This way, your system remains secure and you can still weigh the benefits of sudo access against the risks.
 
Old 03-08-2011, 09:51 PM   #17
RedNeck-LQ
Member
 
Registered: Jan 2011
Posts: 83

Rep: Reputation: 11
I use su to switch to root for admin stuff and when I'm done, I return to normal user. Just old school I guess.

I also do su -c "some command", which is similar to sudo command.

I have nothing against sudo. As for a policy, I don't need it. I'm the only one in the family that uses Linux. My family uses that proprietary OS called Windows.

Last edited by RedNeck-LQ; 03-08-2011 at 11:16 PM.
 
Old 03-08-2011, 11:52 PM   #18
MrCode
Member
 
Registered: Aug 2009
Location: Oregon, USA
Distribution: Arch
Posts: 864
Blog Entries: 31

Rep: Reputation: 148
su works just fine for me. I have no desire to install/use sudo.

Quote:
Originally Posted by Kenny_Strawn
I think that using sudo is more secure than the root account for the same reasons that the Ubuntu developers think so: because the root account is a prime target for password crackers.
Removing the root password and using sudo for everything (the "sudo says" method) just shifts the main weak point from the root password to the user password, and IMO that's effectively less secure, unless you have something particularly cryptic for your user password.
 
2 members found this post helpful.
Old 03-09-2011, 01:26 AM   #19
John VV
Guru
 
Registered: Aug 2005
Posts: 13,446

Rep: Reputation: 1798
root gui login or sudo

Neither. I use "su -"
 
Old 03-09-2011, 03:36 AM   #20
corp769
Guru
 
Registered: Apr 2005
Posts: 5,814

Rep: Reputation: 1001
Quote:
Originally Posted by John VV
root gui login or sudo

Neither. I use "su -"
+1 to that. If I need to do maintenance or install globally, I use su -
 
Old 03-09-2011, 08:45 AM   #21
chrisretusn
Member
 
Registered: Dec 2005
Location: Philippines
Distribution: Slackware
Posts: 507

Rep: Reputation: Disabled
I've been using Linux a long time and before that Unix. I have never understood this apparent evilness of using root. Logging in as root is not a bad thing. You will not catch the plague.

I have been doing it for years. I log in, take care of business and log out. Using sudo or su - root is only a convenience thing for me that allows me to do rooty things while logged in as me. It also allows other users to do rooty things without having access to root. That access is mine and mine alone.

Last edited by chrisretusn; 03-09-2011 at 08:49 AM.
 
Old 03-09-2011, 09:03 AM   #22
johnsfine
Guru
 
Registered: Dec 2007
Distribution: Centos
Posts: 5,138

Rep: Reputation: 1127
I mainly use su, sometimes login as root, and rarely use sudo. In your two way poll of sudo vs. login as root, I don't know where su was supposed to fit. I answered "log in as root" because I think that is where su ought to fit.
 
Old 03-09-2011, 09:07 AM   #23
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 3,410
Blog Entries: 1

Rep: Reputation: 1115
Have a password with Uppercase/Lowercase/Numerals/Symbols that is at least 16 digits long. Then restrict password guesses to 3 at a time with a 5 minute timeout. Lock the server in a server case, that is locked in a room, that is locked in a building. Make sure to have an IDS like Snort. Make sure to have a traffic analyzer like wireshark/tcpdump. Use a syslog server/collector like Splunk. Review your logs every day. Change passwords tri-monthly at maximum.

These simple steps should allow you to log in as root without -too much- worry of someone compromising your system using brute-force password guessing.
 
1 members found this post helpful.
Old 03-09-2011, 09:31 AM   #24
PrinceCruise
Member
 
Registered: Aug 2009
Location: /Universe/Earth/India/Pune
Distribution: Slackware64 14.1/Current, CentOS 6.5/7.0
Posts: 792

Rep: Reputation: Disabled
su -
 
Old 03-09-2011, 09:35 AM   #25
SL00b
Member
 
Registered: Feb 2011
Location: LA, US
Distribution: SLES
Posts: 375

Rep: Reputation: 112
Quote:
Originally Posted by MrCode
Removing the root password and using sudo for everything (the "sudo says" method) just shifts the main weak point from the root password to the user password, and IMO that's effectively less secure, unless you have something particularly cryptic for your user password.
Actually, it's more secure, because you can't brute-force attack a userid if you don't know a valid userid.
 
Old 03-09-2011, 09:36 AM   #26
rsciw
Member
 
Registered: Jan 2009
Location: Essex (UK)
Distribution: Home: Debian/Ubuntu, Work: Ubuntu
Posts: 206

Rep: Reputation: 44
Depends on the situation, either sudo or su then do the task, so yeah, both, mostly sudo though.
 
Old 03-09-2011, 12:04 PM   #27
DavidMcCann
Senior Member
 
Registered: Jul 2006
Location: London
Distribution: CentOS, Salix
Posts: 3,214

Rep: Reputation: 820
For me, it's the option you left out: su -

Logging in as root means too much logging in and out. Sudo means having to set up the facility in the first place: why bother when I can use "su"?
 
Old 03-09-2011, 12:24 PM   #28
djsmiley2k
Member
 
Registered: Feb 2005
Location: Coventry, UK
Distribution: Home: Gentoo x86/amd64, Debian ppc. Work: Ubuntu, SuSe, CentOS
Posts: 343
Blog Entries: 1

Rep: Reputation: 72
Quote:
Originally Posted by szboardstretcher
Have a password with Uppercase/Lowercase/Numerals/Symbols that is at least 16 digits long. Then restrict password guesses to 3 at a time with a 5 minute timeout. Lock the server in a server case, that is locked in a room, that is locked in a building. Make sure to have an IDS like Snort. Make sure to have a traffic analyzer like wireshark/tcpdump. Use a syslog server/collector like Splunk. Review your logs every day. Change passwords tri-monthly at maximum.

These simple steps should allow you to log in as root without -too much- worry of someone compromising your system using brute-force password guessing.
You forgot: remove any kind of remote root login. No need to log in remotely as root - at least make them guess a valid username before they can start trying to guess the password.
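
An added example, not part of any post above: a POSIX shell audit of the lockout rule from post #23 (3 guesses, 5 minute timeout) and the remote-root restriction from post #28. It assumes OpenSSH's sshd_config and a Linux-PAM version that ships pam_faillock and reads faillock.conf; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a host against the thread's advice. File paths are
# arguments so the audit can run on copies; the sample files are constructed.

# First global value of a keyword in an "option value" / "option = value" file.
# Keywords match case-insensitively; parsing stops at sshd's first Match block.
conf_value() {  # $1 = file, $2 = keyword
    awk -v key="$2" '
        { sub(/#.*/, ""); gsub(/=/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print (NF > 1 ? tolower($2) : "yes"); exit }
    ' "$1"
}

audit_root_login() {  # $1 = sshd_config, $2 = faillock.conf; prints findings
    prl=$(conf_value "$1" PermitRootLogin)
    # An unset keyword falls back to sshd's built-in default, which is not "no".
    [ "${prl:-prohibit-password}" = "no" ] || echo "FAIL PermitRootLogin=${prl:-unset}"
    deny=$(conf_value "$2" deny)
    unlock=$(conf_value "$2" unlock_time)
    # pam_faillock defaults: deny=3, unlock_time=600; unlock_time=0 means no auto-unlock.
    [ "${deny:-3}" -ge 1 ] && [ "${deny:-3}" -le 3 ] || echo "FAIL deny=${deny}"
    [ "${unlock:-600}" -eq 0 ] || [ "${unlock:-600}" -ge 300 ] || echo "FAIL unlock_time=${unlock}"
    # Without even_deny_root the lockout never applies to the root account itself.
    [ -n "$(conf_value "$2" even_deny_root)" ] || echo "FAIL even_deny_root not set"
}

demo() {  # builds constructed sample files and audits them
    d=$(mktemp -d)
    printf '%s\n' '#PermitRootLogin no' 'permitrootlogin yes' 'Match User backup' \
        '    PermitRootLogin no' > "$d/sshd_weak"
    printf '%s\n' 'PermitRootLogin no' > "$d/sshd_ok"
    printf '%s\n' 'deny = 5' 'unlock_time = 60' > "$d/faillock_weak"
    printf '%s\n' 'deny = 3' 'unlock_time = 300' 'even_deny_root' > "$d/faillock_ok"
    echo "weak:"; audit_root_login "$d/sshd_weak" "$d/faillock_weak"
    echo "hardened:"; audit_root_login "$d/sshd_ok" "$d/faillock_ok"
    rm -rf "$d"
}

demo
```

The audit reads one file at a time and does not follow `Include` directives; on a live host `sshd -T` prints the effective configuration. The faillock.conf settings only take effect when pam_faillock is actually in the PAM stack.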
 
Old 03-09-2011, 12:40 PM   #29
z1p
Member
 
Registered: Jan 2011
Location: the right coast of the US
Distribution: Ubuntu 10.04
Posts: 80

Rep: Reputation: 23
I login as root when needed, but then I'm not a sys admin or IT guy and the boxes are generally throw away lab machines.
It's a balance of risk, security, ease of use.

Now on my machines at home, we run as unprivileged users and I grant elevated access (sudo, runas) when needed. I guess you can say that in that case I am working as IT/sysadmin, so lock things down more. Also, the assets on my home machine are more valuable and possibly even at a greater risk than the assets I manage at work.
 
Old 03-09-2011, 01:04 PM   #30
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 3,410
Blog Entries: 1

Rep: Reputation: 1115
Quote:
Originally Posted by djsmiley2k
You forgot: remove any kind of remote root login. No need to log in remotely as root - at least make them guess a valid username before they can start trying to guess the password.
Good point this

And also, anytime that root logs in, sendmail should send out a page to you saying "Someone has just su'd or logged in as root on xxx.xxx.xxx.xxx"
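
An added example, not part of the post above: a shell filter that finds root sessions opened through su or a direct login in syslog-style auth lines and formats them as one mail message, which is the alert post #30 describes. The log lines are constructed in the common pam_unix format, and the function names and the recipient address are placeholders.

```shell
#!/bin/sh
# Added example: report root sessions recorded by pam_unix in an auth log.

sample_log() {  # constructed lines in the classic syslog auth format
    cat <<'EOF'
Mar  9 13:01:00 lab1 CRON[2100]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar  9 13:04:11 lab1 su[2211]: pam_unix(su:session): session opened for user root by alice(uid=1000)
Mar  9 13:05:02 lab1 sshd[2290]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
Mar  9 13:06:30 lab1 sshd[2301]: pam_unix(sshd:session): session opened for user bob by (uid=0)
Mar  9 13:07:45 lab1 su[2211]: pam_unix(su:session): session closed for user root
EOF
}

# One line per root session opened; reads auth log lines on stdin.
root_sessions() {
    awk '
        /pam_unix\([^)]*:session\): session opened for user root[ (]/ {
            svc = $0; sub(/.*pam_unix\(/, "", svc); sub(/:session\).*/, "", svc)
            if (svc == "cron") next            # scheduled jobs, not a person
            by = $0; sub(/.* by /, "", by); sub(/\(uid=.*/, "", by)
            # pam_unix records no invoking user name for a direct login.
            printf "%s %s %s %s: root session via %s %s\n", $1, $2, $3, $4, svc,
                   (by == "" ? "(direct login)" : "by " by)
        }'
}

# Wrap the alerts in a mail message; prints nothing when there is nothing to report.
alert_mail() {  # $1 = recipient (placeholder in this example)
    alerts=$(root_sessions)
    [ -n "$alerts" ] || return 0
    printf 'To: %s\nSubject: root session alert\n\n%s\n' "$1" "$alerts"
}

sample_log | alert_mail admin@example.org
```

Piping the output of `alert_mail` to `sendmail -t` delivers it, since `-t` takes the recipient from the `To:` header.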
 
  

