How safe is "sudo?"

Think about it like this:

With "sudo" all you need to type to gain God status are 4 letters that everyone knows: sudo

On the other hand, if you have a root password that only you know, then only you can have God status. A root password provides a security hurdle that only the administrator can over-ride.

From this p.o.v. it seems that "sudo" is a disaster waiting to happen.

Even if "sudo" gives you root power for only one command, that still is root power in the hands of any user, not just the administrator.

What is to stop a troublesome average user from dropping one well placed "sudo" command to screw the entire system?

I'm not trying to flame "sudo" but I am just shocked to learn this and trying to describe the issue to the best of my understanding.

Please clarify and help me out.

/ Currently do not use Ubuntu based system but thinking about it, but I don't understand "sudo" and it scares me.

// Can you just use the traditional "su" method on Ubuntu instead of the new "sudo" method?

You have no idea what you're talking about.

You have to be an administrator to sudo.

If a user not in the admin group tries to sudo, she'll be told that she's not in the sudoers file and can't sudo.

Also, you don't just type in four letters. You're prompted for a password, too.

Read up and get educated before you criticize:
http://help.ubuntu.com/community/RootSudo

what's more of a security problem?
1. noob typing or
You decide.

You two are saying that you must type in a password to use sudo? What password. . .a specific root / admin password or something else.

I'm coming from the MEPIS forum (MEPIS does not use sudo, it uses su) and talked to some people there. They never said anything about a sudo password on MEPIS, so I wanted to see if Ubuntu runs the same way.

I am trying to figure out if sudo behaves in MEPIS (if I installed it) like sudo behaves in Ubuntu.

BTW. . .ty for the links. . .I will look them up.

In ubuntu to do anything as the superuser/root you need to do 2 things, first you need to be in the admin group and then you need to type sudo before the command then type in your password (like a way to confirm that you rally want to run the command). You can also set up sudo to allow a user to only a user to run a certain command or set of commands as root and not others. You configure this in the /etc/sudoers file. It's much more configurable and powerful than just su, where if you want to alow someone to run a command as root then you have to give them the keys to the whole system.

Ubuntu's implementation of sudo works the same way things do in real life.

If you're just you, you can't open the door to your apartment. If you're you with a key, then you can open it.

If you're just you and an ATM card, you can't withdraw money from the ATM. If you're you with an ATM card and the PIN code for that card, you can withdraw money.

Some people are administrators. Others are not. All people generally operate as limited users most of the time.

Administrators are allowed to temporarily assume root privileges for certain tasks with their user passwords. Non-administrators can never assume root privileges.

But how about this:
This executes only the command(s) between the quotes with root priviledges, and after that you return to being a normal user again. So I think using su does not need to pose a greater risk in this particular example.

The big problem with sudo is that if someone cracks your admin password, then they have the whole box...

If someone cracks a user account of someone who uses su,... they also have to crack the root password...

THAT's the big problem with sudo... mine anyway.

Whether 'su' or 'sudo', I'm very happy to have found a way to stop using root as my main logon in Linux. I could not break away from the habit of always being signed on as root. A left over from the Windows side of my job life. What's interesting is that MS finally decided to use a 'sudo-like' system for their upcoming OS.

I don't buy that at all. They're far more likely to crack root, as they already know the username (root) and the privileges that go along with it (all privileges).

Root Model:
Username - known
Privileges - known and desirable
Password - unknown

Sudo Model:
Username - unknown
Privileges - unknown (might be administrator, might not be)
Password - unknown

Three unknowns versus one unknown. If I were a cracker, I'd want to find the root password right away--screw sudo users.

Regardless of "sudo" advantages and disadvantages, can anyone tell me if it is possible to use the traditional "su" method in Ubuntu / Kubuntu, etc? Or, are you stuck with the "sudo" method?

I ask because others have claimed that you can set up a Ubuntu install that uses the traditional "su" approach. . .though you might have to install something to do so, or configure certain files.

One advantage to using sudo is that you can limit the commands that certain users or members of certain groups are allowed to run as root. Another advantage is that sudo commands are logged. Also, you don't need to reveal the root password that would be required if you relied on su instead. There are some commands like "less" and "vim" that allow you to run shell commands. You either need to prohibit these commands in the /etc/sudoers setup or use a secure mode of these programs (such as compiling less with the SECURE mode build in permanently.) Truly locking down what an admin sudoer user can do would be difficult; so sudo is more of a way of securing the secret of root's password and allowing root tasks to be done without developing the habit of su'ing to root all of the time to do it. You still have to be carefull who you allow root tasks to, with or without sudo.

In Ubuntu the root account is still present, the password just isn't set. Well, it may be set, but certainly not to anything you specify. You could renable by issuing the command 'sudo passwd root'; however, I find it easier to use 'sudo su' to switch to root when I have to. In fact, I use this same method for the non-debian distros that I use as well. It works quite well. The ability to hand out access for just a few commands is really helpful.

I have been installing various distros, having fun and learning about them. I'm using a couple of old laptops to do this.
But I was surprised when the Ubuntu install didn't ask me to set a root password, just a user name and password. Then when I was trying to install new software or update or something I had to go searching google to find out what to do. I found some info about "sudo passwd root". I thought that would set a root password for me, but no, it just took my user password and gave me root privileges. So ... I am still kind of confused why it would work that way, but now, whenever I want to do something that requires root I just have to input the same password I logged in with as user. That doesn't make sense to me.
Other than that I think Ubuntu is real slick and zippy, including on old hardware, which is what I am experimenting with.

Why doesn't that make sense to you?

Mac users don't seem to be confused by it, and Mac OS X uses sudo the same way Ubuntu does.

If you're an admin user, you enter your password to perform admin tasks.

That makes sense. It's a culture shock to you because you're used to other distros that have a root account. But really... think about it--why should need a separate root account to perform administrative tasks?