All parties in the matter of Sudo v. Root Account please rise...
View Poll Results: Do you use sudo or the root account to gain root privileges?
This all really depends on the setting this vote is based on. My assumption is the OP is asking whether you prefer logging in as root, or logging in as your user account and using sudo to perform tasks in a corporate or otherwise "best security is needed" environment.
If that assumption is correct, as far as security goes, sudo hands down kills logging in as root in my rule-book. Sudo allows you to set only certain admin commands to a user account, i.e. permissions to only add users, but can't delete them, etc. So you can fine-grain who can do what on your box. Give them the root password? There's not much control you have over what they can do once they log in!
I think you're all missing a key factor of logging in as root vs using sudo from a user account: when you sudo, your user login name and EXACT command that was run are logged in /var/log/secure each time you sudo something (I'm speaking from a Red Hat/Fedora based standpoint... not sure how the other distros handle this).
At my company, on our Windows workstations, the same thing happens. The default Administrator account is disabled and a user account is created with Admin privileges to the local machine due to the previously mentioned reason other posters gave. EVERYONE knows a Windows box has an Administrator account, so they already have one-half of the equation to gain access to your machine by leaving it enabled. Will they have as much luck with an admin-enabled user account named hugo64? Maybe...if they figure out hugo64 is an actual account we use!!! (No...hugo64 is not real folks...at least not for my company :-) ).
Same thing with Linux, root is a known username, with known privileges to do whatever it wants. How many accounts can do 'rm -rf /' without any complaints from the system? First thing I'd suggest doing is try to limit this do-anything power if possible!
As far as our personal servers at home are concerned, use whatever gives you that 'fuzzy' feeling! It's 10x easier to login as root and perform the needed tasks. On my company's machines? You're going to need a damn good reason to get the root password, where I can give you a sudo permission to ONLY what you need to use, and can see the commands you tried to run on my box with sudo permissions. Just saying.
Here's an example of some output from the /var/log/secure file, with the X's meaning stuff I've removed:
So as you can see, I can pull this log up and see what you've been doing during your session. Obviously, if this file's been compromised I'm SOL, but I have...backups in place I use to ensure I get this information. Not giving out all the secrets!
So in closing, if we're talking personal home servers, this all doesn't matter. On a machine where you care about who is doing what, see above again! :-)
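An added example, not part of the original post: a parser for the sudo entries the post above describes in /var/log/secure, separating allowed commands, refused attempts and bare root shells (after which sudo, by default, records nothing further). The log lines are constructed samples in the syslog format sudo writes; the host, users and commands are made up.

```python
import re

# Constructed sample in the syslog format sudo writes to /var/log/secure;
# the host, users and commands are made up for this example.
SAMPLE_LOG = """\
Mar  3 10:15:01 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/useradd bob
Mar  3 10:16:40 web01 sudo:    carol : command not allowed ; TTY=pts/1 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/sbin/userdel bob
Mar  3 10:17:12 web01 sudo:    carol : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/ls /root
Mar  3 10:20:00 web01 sshd[4242]: Accepted publickey for alice from 192.0.2.10 port 50514 ssh2
Mar  3 10:21:33 web01 sudo:    alice : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/bin/bash
"""

LINE_RE = re.compile(
    r"^(?P<time>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sudo(?:\[\d+\])?:\s+"
    r"(?P<user>\S+) : (?P<rest>.*)$"
)
SHELLS = {"sh", "bash", "dash", "ksh", "zsh", "csh", "tcsh"}

def parse_sudo_line(line):
    """Return a record for a sudo log line, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"time": m["time"], "host": m["host"], "user": m["user"],
           "denied": None, "runas": None, "tty": None, "pwd": None}
    # COMMAND= is always last and may itself contain " ; ", so cut it off first.
    head, _, rec["command"] = m["rest"].partition("COMMAND=")
    for field in filter(None, (f.strip() for f in head.split(" ; "))):
        key, sep, value = field.partition("=")
        if sep and key in ("TTY", "PWD", "USER"):
            rec["runas" if key == "USER" else key.lower()] = value
        elif not sep:
            rec["denied"] = field  # free-text reason, e.g. "command not allowed"
    return rec

def audit(log_text):
    """Split sudo records into allowed, denied, and interactive root shells."""
    report = {"allowed": [], "denied": [], "shells": []}
    for rec in filter(None, map(parse_sudo_line, log_text.splitlines())):
        report["denied" if rec["denied"] else "allowed"].append(rec)
        argv = rec["command"].split()
        # A bare shell started through sudo: by default sudo logs nothing typed inside it.
        if not rec["denied"] and len(argv) == 1 and argv[0].rsplit("/", 1)[-1] in SHELLS:
            report["shells"].append(rec)
    return report
```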
I personally use sudo anytime I need root access. When developing Ruby on Rails applications, I find myself accidentally creating a file that needs to be under the SSH access that user has. If I root then I'd forget to switch back. I will often need sudo to bundle install or install a gem. It's just good practice to intentionally type sudo to do something so that you know it is going to be executed as a root user.
I find it odd when people talk about sudo being "more secure," especially in the context of a discussion about Ubuntu. In its default configuration, Ubuntu essentially removes any security at all from the root account; any person who gains the password of a non-privileged user with sudoing rights has effectively rooted the box.
Also, maybe I am strange, but when I am acting as the superuser, it is rare that I have only one line of commands to issue. For this reason, sudo seems wholly without usefulness on a desktop linux system. The last thing I want to have to do when involved in administrative tasks is reauthenticate each time I finish typing a line of commands.
Of course, when properly configured, sudo can be quite useful if many users must perform administrative tasks on the same machine or within the same authentication domain. Even in situations like that, though, a "real" root shell should be employed whenever "pipe-hittin'" tasks are to be performed.
I ssh as root with an encrypted key, and always cringe at systems where users can sudo without a password. however, I do respect sudo for its transparency (in an audit-trail sense.) sudo is a pain to use for more than trivially short operations, though - I sometimes spend much of the day operating as root.
sudo with passwords is a travesty, though: having to type passwords a lot both maximizes their exposure and provides an impetus for weak passwords. I use ssh-agent on a very small number of trusted consoles because, after all, you have to trust the machine you're sitting at. but I don't ever want to type passwords on/to less-trusted machines (have you ever administered a machine that's had an ssh and/or sshd installed that logs all passwords?)
Quote:
sudo is a pain to use for more than trivially short operations, though - I sometimes spend much of the day operating as root.
Again, if you're going to be on the system for quite a while and will need root privileges for most of that time, the command "sudo bash" will solve this problem for you. It's effectively the same as su or a login as root. You won't be bothered with a password prompt again until you exit the bash session.
sudo is okay for a one-shot. For more I have a script named rootwin, which is (on FC6):
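Code:
# Open a root gnome-terminal in the current directory (one password prompt).
# Note: "xhost +" turns off X access control for all hosts.
PWD=`/bin/pwd`
su -plm -c "xhost +; cd $PWD; gnome-terminal --window-with-profile=Default &" root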
Root's default terminal has a coral background, so can't mistake it. Type the password once. (Had to do something slightly sneakier on ubuntu 9.10, I forget what, but same idea). We use rootwin a lot.
An easily customizable alternative /etc/sudoers file for Slackware providing some pretty convenient administrating privileges to those in the root group without them having to have the root password:
Code:
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
Defaults env_reset,insults
# User privilege specification
root ALL=(ALL) ALL
# Allow many special privileges to those in the root group.
# Add what you like; Comment out or wipe out what you don't.
%root ALL=/sbin/mount
%root ALL=/sbin/umount
%root ALL=/usr/bin/cp
%root ALL=/usr/bin/vi
%root ALL=/bin/kill
%root ALL=/bin/killall
%root ALL=/sbin/init
%root ALL=/sbin/runlevel
%root ALL=/sbin/shutdown
%root ALL=/sbin/halt
%root ALL=/sbin/ctrlaltdel
%root ALL=/sbin/poweroff
%root ALL=/sbin/reboot
%root ALL=/sbin/insmod
%root ALL=/sbin/insmod.static
%root ALL=/sbin/rmmod
%root ALL=/sbin/lsmod
%root ALL=/sbin/modprobe
%root ALL=/sbin/modinfo
%root ALL=/sbin/depmod
%root ALL=/sbin/ldconfig
%root ALL=/sbin/fsck
%root ALL=/sbin/ifconfig
%root ALL=/sbin/ifrename
%root ALL=/sbin/ifstat
%root ALL=/sbin/iwconfig
%root ALL=/sbin/iwevent
%root ALL=/sbin/iwgetid
%root ALL=/sbin/iwlist
%root ALL=/sbin/iwpriv
%root ALL=/sbin/iwspy
%root ALL=/sbin/dhcpcd
%root ALL=/sbin/route
%root ALL=/sbin/routel
%root ALL=/sbin/routef
%root ALL=/sbin/quotacheck
%root ALL=/sbin/quotaon
%root ALL=/sbin/quotaoff
%root ALL=/sbin/convertquota
%root ALL=/sbin/swapon
%root ALL=/sbin/swapoff
%root ALL=/sbin/lspci
%root ALL=/sbin/lspcmcia
%root ALL=/sbin/rescan-scsi-bus
%root ALL=/sbin/hwclock
%root ALL=/sbin/makepkg
%root ALL=/usr/bin/chown
%root ALL=/usr/bin/chmod
If you are using an LDAP for authentication or anything else non-local, you'll want to change all of those 'ALL's to 'localhost.' (Not the first three, of course.)
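An added example, not part of the original post or of sudo: a small review script for a per-command sudoers file like the one above. It relies on two rules from sudoers(5): a command listed without arguments may be run with any arguments, and NOEXEC is the tag that stops a permitted program from starting others. The ESCAPES and ANY_ARGS lists, the %ops group and its rules are assumptions made for the example.

```python
import os

# Review lists chosen for this example (assumptions, not a sudo feature).
ESCAPES = {"vi", "vim", "less", "more"}  # programs that can start other programs
ANY_ARGS = {
    "cp": "can overwrite any file", "chown": "can re-own any file",
    "chmod": "can change any file's mode", "mount": "attaches any filesystem",
    "insmod": "loads kernel code", "modprobe": "loads kernel code",
}

# root and %root rules as in the posted file; the %ops rules are constructed.
SAMPLE_SUDOERS = """\
root ALL=(ALL) ALL
%root ALL=/sbin/mount
%root ALL=/usr/bin/cp
%root ALL=/usr/bin/vi
%root ALL=/sbin/lsmod
%root ALL=/sbin/modprobe
%ops ALL=NOEXEC: /usr/bin/less /var/log/messages
%ops ALL=sudoedit /etc/hosts
"""

def audit_sudoers(text):
    """Return (who, command, reason) for rules that amount to broad root access."""
    findings = []
    for line in text.splitlines():
        who, _, rest = line.strip().replace("\t", " ").partition(" ")
        if (not who or who.startswith(("#", "Defaults"))
                or who.endswith("_Alias") or "=" not in rest):
            continue  # comments, Defaults and alias definitions are not rules
        spec = rest.split("=", 1)[1].strip()
        if spec.startswith("("):                 # optional (runas) list
            spec = spec.split(")", 1)[1]
        tags = set()                             # tags carry over to later commands
        for cmd in (c.strip() for c in spec.split(",")):
            while ":" in cmd.split("/", 1)[0]:   # leading TAG: prefixes
                tag, cmd = (p.strip() for p in cmd.split(":", 1))
                tags.add(tag)
            path, *args = cmd.split() or [""]
            base = os.path.basename(path)
            if path == "ALL" and who != "root":
                findings.append((who, path, "unrestricted"))
            elif base in ESCAPES and "NOEXEC" not in tags:
                findings.append((who, path, "can start other programs; no NOEXEC"))
            elif base in ANY_ARGS and not args:
                findings.append((who, path, ANY_ARGS[base] + "; arguments not pinned"))
    return findings
```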
I have worked full time on Linux since 1998 and strictly log in AND work as root.
That keeps me awake and forces me to pay attention to what I do.
Important to me because all my remote controlled servers also need to be managed.
sudo is useful for machines with users needing occasional privilege elevation. Disabling root access completely and forcing admin users to repeatedly type their passwords is not only less secure, it is also time consuming, particularly when performing many short commands at intervals.
Disabling any remote root logins, limiting login attempts, hardening the system, timing out idle root sessions and using strong passwords (or alternately ssh keys) is far more secure and time effective.
Regarding admins with root access leaving the organization... isn't it about time you changed the root passwords anyway? Or is turnover really that high?
against sudo/su: allows to gain root from a compromised otherwise non-privileged user account (Owl)
Quote:
Originally Posted by Kenny_Strawn
However, I think that using sudo is more secure than the root account for the same reasons that the Ubuntu developers think so: because the root account is a prime target for password crackers.
But there are also different arguments:
The designers of the secured Openwall GNU/*/Linux distro have also expressed critical opinions on `su` (for becoming root) and `sudo`. You might be interested in reading this thread:
> And the reason I give against using this approach is that it
> effectively allows anyone who could have compromised the otherwise
> non-privileged user account used to su from to gain root (at the
> next invocation of su by the admin). So the separation between the
> non-root and the root accounts is lost.
Apart from discussing the flaws of `su` and other things, Solar Designer also targets one specific reason to use `su`:
> Yes, it used to be common sysadmin
> wisdom to "su root" rather than login
> as root. Those few who, when asked,
> could actually come up with a valid
> reason for this preference would refer
> to the better accountability achieved
> with this approach. Yes, this really
> is a good reason in favor of this
> approach. But it's also the only one. ...(read more)
> For servers, I think people need to
> reconsider and, in most cases,
> disallow invocation of su and sudo by
> the users. There's no added security
> from the old "login as non-root, then
> su or sudo to root" sysadmin "wisdom",
> as compared to logging in as non-root
> and as root directly (two separate
> sessions). On the contrary, the
> latter approach is the only correct
> one, from a security standpoint:
>
> http://www.openwall.com/lists/owl-users/2004/10/20/6
>
> (For accountability of multiple
> sysadmins, the system needs to support
> having multiple root-privileged
> accounts, like Owl does.)
>
> (For desktops with X, this gets
> trickier.)
>
> You also absolutely have to deal with...
BTW, they were to replace `sulogin` with [`msulogin`](http://www.ohloh.net/p/msulogin) to allow the setup with multiple root accounts: `msulogin` allows one to type in the user name also when going into the single user mode (and preserve the "accountability") (this info comes from [this discussion in Russian](http://www.opennet.ru/openforum/vslu.../73378.html#24)).
I professionally admin boxes (AIX, IRIX, Linux, FreeBSD, OpenBSD, and Solaris) and follow the same practices on all of them. Always run with the minimum possible permissions, never allow SSH as root. Been doing OS and DB support since before Linux, will continue doing it long after. Even before sudo, it was always the same. Use a 'vanity' account (named user) unless for some reason it is impossible to do so (ultra rare).