Su vs Sudo
 

Hi.

I recently installed Debian in VirtualBox. During install there's a section where you can make a password for the root account but if you leave it blank, it instead gives your regular user sudo ability.

Ubuntu and some other distros allow sudo by default. Is there a problem to only using sudo and never using su?

Thanks.

No.

This topic has been beaten to death, I suggest reading up on it. My opinion:

On a multi-user system, sudo is a very powerful tool. It's designed to allow SPECIFIC users to run SPECIFIC commands without requiring root access. This has the overall effect of increasing security since it means the master root password is in fewer hands and accessed less often. The system admin simply needs to ensure that only those commands that are truly necessary for a user to do their job AND are low-risk are handed out, and that those users have secure passwords.

On a multi-user system, handing out unlimited sudo access to any regular user is a BAD idea. Many of the protections that are put in place to keep a system from being compromised, such as preventing ssh access to the root account, are voided. In addition, since it's a regular user account with a password that needs to be entered on a semi-regular basis, chances are the password will be less complex, possibly even written down on a scrap of paper on the person's desk, re-used across the network, used on websites that could be compromised, etc. It opens up the system to a multitude of attack vectors.

On a single-user system, one might make the argument that having a dedicated root account is just a waste of time, but I still feel that granting any regular user unlimited sudo access is a mistake for the reasons mentioned above, and I do not do it on any of my systems. Even on Ubuntu/Mint, the first thing I do is enable the root account and shut off sudo access for my personal account.

I hope that's a qualified "No" since "su" has switch options that sudo does not, afaik.

The only one I see in su(1) without an equivalent in sudo(8) is --fast, which seems of pretty marginal utility. Possibly also --session-command, though I'm not entirely sure what that does.

In way-too-many systems (and, every Macintosh ...), "administrative" users are members of the wheel group, and are able to issue the command sudo su to gain root-level privileges using their own(!) passwords.

Lesson: "leave your Superman suit in the closet!" Unless you are actively performing system maintenance, do not log in to any account that is capable of issuing this command. Your "ordinary, day-to-day" account should be non-privileged.

AFAIK although the same or similar switches are listed the manner in which they actually function can be very different since sudo is always governed by rule sets in suduoers.conf. Also if I invoke "su -i" I become root including with .profile with complete $PATH. As soon as I exit, that reverts to $USER. Since sudo remains active for a time specified in sudoers.conf, what happens to .profile and $PATH upon exiting? (Note: I actually don't know, being a rare sudo invoker)

The "active" refers to how long the password is cached. This is usually more relevant for single shot invocations of the form of sudo <some command> (because you might want to do several in a row). When using sudo -i, the shell and its environment variables last as long as the shell runs of course.

I think I'll stay with just 'sudo'. :-)

While that is certainly a valid choice, I prefer to actually have a root account and disallow multiple root logins. This almost completely rules out functioning rootkits. One can do this and still only use sudo, but several distros by default do not even setup a root account. I consider this a minor mistake.

This makes sense. But tell us, please, Enorbet. How does one do that? How do you disallow multiple root logins?
(Oh yeah - I'd consider that a "good to know." ;) )

I only use 1 account on my PC so multiple root logins cannot happen. ;-)

Everything is there for a reason.
 

Making it impossible to log in directly as root enhances security. Let someone try to log in as root with a dictionary based password cracker, and they may eventually get in. Change ' may eventually' to " will never" if root logon is disabled.

There is NOTHING that su can do that sudo cannot, if 'sudo su' is enabled. One difference is that sudo leaves a clearer 'paper trail' in a separate log. Another is that it allows for much finer controls.

It is not a 'one or the other' choice: BOTH of them are used on all of my Linux systems at home and work. Each has a proper place and purpose on EVERY system.

Afterthought: perhaps not on a simple proof of concept virtual machine where security is irrelevant and it will be quickly blown away.

Spoken like a true Windows warrior, what is the difference between using a static account (root) and a user that has sudo access? Nothing at all.. here is why:

So you have no root password on your system, cool, however what do you login with via SSH? You user? so when that gets cracked, what is the difference between root and sudo -i? or sudo su? the answer is nothing.

In fact, using a root account is more secure then using sudo and here is why:

1) sshd by default doesn't allow root to login, so if the admin was smart about this his account would be a totally normal account without sudo access and when its required just su to root.

2) Using this the attacker actually has to crack two accounts not just a user who is prevleged... its just a weak argument against having a root account..


3) This is Windows security through obscurity bs, sudo only exists because ubuntu wanted to Windowize Linux to being it closer to the masses (which it didnt do).


sudo was never designed to paper tail everyone, here is a simple fact, The real admins who can be trusted don't need to be logged, their is no reason why a user needs to play with any utilities that require root access. sudo is basically the UAC of Linux nothing more nothing less, most vetted admins that run more then Linux and BSD will laugh at you for thinking sudo has some super powers over su.

While this does vary by distro (some have "/etc/security/limits.conf" and some don't, some have PAM and SELinux and some don't) most have SSH and other means of limiting logins of any User, including "root". One good method is to create a toggle script to disallow ANY remote logins and only enable it when YOU need it. Here is but one list of several more general means of limitations

Limiting Root Access

See your own distro's docs for more specific actions.