su vs. sudo
 

I am curious.

Can't answer the poll because it isn't an either/or problem. For one-line commands I use frequently, I tend to use sudo, for longer sessions as root, I'll use su.

I say sudo is overrated, I don't even install it.

That sounds like an "I do".

The only place that I use sudo is in my laptop so that I can do suspend to disk without having to su to root.
For all the rest, if I want to play God, then su and typing a password is a small price to pay. I like the discipline of thinking about whether I really need root privileges to perform a task.

Neither one!.

If I need root access to a folder, I will open it using file-manager in super-user mode;

If I need root privileges at a command line, I will open the terminal program in super-user mode.

I don't use sudo. I might see a 'slight' advantage to not having to type in your root password to do certain administrative tasks, but in the long run to me that can be a security risk if somebody else is using your computer and decides to mess around with commands. Especially if the user is unexperienced, and stumbles upon sudo, you may as well just gives them your root account. I prefer su. To me it is a lot safer anyways. Plus I am also too lazy to even bother setting up sudo.

Technically you ARE using su, especially in CLI mode. The only thing is you are not ACTUALLY typing 'su', but are presented with a password prompt, its just that 'su' has already been called upon for you by the super user terminal, or super user mode in a file manager. You are merely typing your password for root.

I agree with that. My kids know my normal user login password, so they'd also have access to sudo (which is not a very good idea...).
Plus, my root password is a lot harder to guess, ;)

I use su.

Su's the girl for me. :)

I use su, unless I have to open a gui from console, then I have to use sudo.

'su -c' if i only need one command and 'su -' if i need to work as root.

Unfortunately, the perceptions of sudo have been completely ruined by the bastardization that *buntu has promoted. You shouldn't be using sudo to grant general root access, that isn't what it is intended to do (even though it can). The whole purpose of sudo is to grant root access to a limited number of commands. Anyone using sudo to grant general root privileges is abusing it.

yeah I do what Hangdog suggests, I use sudo, but exact commands which shouldnt do any harm if someone other than myself got on to the system.

Burning discs (cdrecord requires root permission), mounting discs, running security tools like kismet and rkhunter.

I will su for occassional commands though.

Amen, another reason I don't like *buntu and they way they set things up.

100% agree with Hangdog42, sudo is there to give limited root privs to users that need them to perform a certain task.

You can do that with su too.
Alt+F2 (or terminal) and type kdesu xfe/konqueror/whatever.

are there dangers with sudo and requiring the user to enter the root password? Obviously this would be intended for basically a single user type environment.

If you require root's password (as opposed to the regular user's password) when using sudo, you have basically foregone the benefit of using sudo. Sudo should be used to grant specific users some rights without having to grant full root privileges -- requiring the root password means the user can log in as root and have full access.

One can setuid root those apps.
OTOH, one can limit the number of users gaining root privileges via sudoers file.

I may be wrong, but if sudo is requiring root's password, something is seriously, seriously wrong. The whole point of sudo is that it should never require root's password (and hence the reason you don't want to use it to grant general root access).

I keep expecting *buntu security system to blow up in their faces. It is WAY too similar to the way Windows does things and we all know how well that has worked out.

I only use sudo for suspend/hibernate commands on my laptop and for calling pendrive automounting scripts I have hooked onto udev (vl-hot from VectorLinux).
Everything else is with "su".

Yes indeed.
I shudder at the sight of commands like "sudo su".

The only time I ever used sudo was in a 3 part script that detected my scsi scanner (as root) and then opened xsane as a user. Then along came udev and hal and it all became obsolete.

samac

Wasn't that a song by Genesis? :)

I agree yet again. The only reason *buntu is better than Window$ is because it's FLOSS and marginally more secure (not due to the distro itself but due to the nature of FLOSS ... generally less buggy and full of holes). Other than that, no real difference between the two.

I think the original purpose of sudo is to be something in-between regular user and super-user, to give users certain super-user privileges in a controlled manner ... I suppose to somehow stop them from f'n up their system. Well, they're gonna figure out a way to do it in spite of sudo :)

probably good idea to use sudo when you are running Redhat but for slackware user it is optional imho :)

But of course it also depends on your environment, house/work/etc.

Well, I don't know what the latest Fedora flavours are like because I haven't seriously used any since FC6 (well, I did try FC8 for a day and it sucked).
But my parents' computer has Centos 5 on it and all the authentication dialog boxes that pop-up for administrative tasks demand the root password, not the user password. So I'm guessing that RH is still sticking with "su".

Well, as GNU/Linux inevitably becomes more popular and more people begin using the *buntus, I'm guessing their lax use of sudo will come back and bite then in the ass at some stage.

I would consider that an "I don't". Hangdog is not using sudo instead of su, he is using it in addition to su.

Different tools for different uses
 

I agree.

sudo != su - they are two different methods of arriving at similar outcomes, but they have different rules and applicability that should be understood for intelligent use.

I use su
I have sudo installed, but I never bothered to configure it.

Shouldn't you use kdesu or gksu for that?

I very rarely use sudo, particularly in some scripts launched from a normal user console.

David

I like ktsuss as a lightweight replacement for kdesu. :)

I rarely use su. My sudo was compiled to allow non-password use by myself as a member of group root. If I need to make large changes I will sudo to init 3, log in as root, and proceed to do the work needed from the ASCII console. Otherwise it's sudo to burn, sudo to read restricted files, etc.; any time I am restricted as a user from doing what I then wish to do in a "normal" functional manner.
Any time temporary root privileges are sufficient to do what I want, the rational restrictions of sudo are my safe way to use root. I figure if you need the graphic terminal to do what you want done, sudo is the preferred application to gain root; su is overkill, and VERY dangerous in a graphics environment. It's so easy to get it wrong.

ditto on that for me. So I had to vote that I used it. With a password required, I'm the only user but didn't want to forget what I actually was opening up :)

As others have said, the point of sudo is to enable users other than root to run certain, SPECIFIC commands. The way I do it is to allow un/mounting and shutdown for all users without a password, but then to have sudo require a password to run other commands, but to still run them.

Here's the way to do it:
http://www.ducea.com/2006/06/18/linu...sswd-nopasswd/

With sudo you can specify every & each command allowed per user and / or per group, requiring or not the users password to confirm.

I am not a big fan of sudo, as it might create security holes and I *HATE* configurations where ALL users can execute ALL commands on ALL hosts just by using sudo. If you set up your system like this you might as well let everybody log in as root.

In some situations, you will need sudo.
Sometimes you need to allow users to execute some commands in a shell script and without typing passwords. In this case, I think it's best to specify the full command with parameters in sudoers (like "killall xxxx", not just "killall") so that permissions are as limited as possible.
I also prefer to allow groups to execute commands, not users, but this goes for most system administration tasks.

For instance, if you need users of department "xyz" to execute a "killall abc" command, put them in a group like "dept_xyz" and give permission to this group to execute "killall abc" - not to ALL users and not the "killall" command in general.

Used with caution sudo can be an ally, without, it can become your grave.

you don't really need to be root for burning disks. For e.g. in k3b you can specify a group that has privileges to burn discs and include your username as memeber of that group.

I agree, if you choose to use sudo, make sure to configure it properly, otherwise it could do exactly the opposite of what you want ... make your system less secure ... I think this is what they've do with it in Ubuntu.

Same goes for SELinux. If you don't configure it properly you can seriously mess up your system.

Moral: If you're looking to make your system more secure, make sure you configure the tools you are using properly or you may be doing the opposite.

For some tasks I use su and for some I use sudo.

When I want to start root’s session in terminal or xterm I use “su -”.

When I want to run as root some graphical application I use “su”. It’s possible because I set in my .xinitrc the command “xhost `hostname`”:

$ cat ~/.xinitrc
In /etc/sudoers I registered a bunch of commands concerning killing, halting, mounting, and printing. I took into consideration two groups of users: having full access to these commands and having partial access to them:

# cat /etc/sudoers
As you see john has full access to all these commands and mary have to use password for killing, halting, and mounting commands.

To make usage of sudo painless I put in my .bashrc a bunch of aliases:

$ cat ~/.bashrc
To start and stop PPPOE I still use commands “su -c /usr/sbin/pppoe-start” and “su -c /usr/sbin/pppoe-stop”. It’s good idea to put them in /etc/sudoers and ~/.bashrc to make things easier.