All parties in the matter of Sudo v. Root Account please rise...

glennt11 · 03-13-2011, 12:25 AM

This all really depends on the setting this vote is based on. My assumption is the OP is asking whether you prefer logging in as root, or logging in as your user account and using sudo to perform tasks in a corporate or otherwise "best security is needed" environment.

If that assumption is correct, as far as security goes, sudo hands down kills logging as root in my rule-book. Sudo allows you to set only certain admin commands to a user account, i.e. permissions to only add users, but can't delete them, etc. So you can fine-grain who can do what on your box. Give them the root password? There's not much control you have over what they can do once they log in!

I think you're all missing a key factor of logging in as root vs using sudo from a user account: when you sudo, your user login name and EXACT command that was run are logged in /var/log/secure each time you sudo something(I'm speaking from a Redhat/Fedora based standpoint....not sure how the other distros handle this).

At my company, on our Windows workstations, the same thing happens. The default Administrator account is disabled and a user account is created with Admin privileges to the local machine due to the previously mentioned reason other posters gave. EVERYONE knows a Windows box has an Administrator account, so they already have one-half of the equation to gain access to your machine by leaving it enabled. Will they have as much luck with a admin-enabled user account named hugo64? Maybe...if they figure out hugo64 is an actual account we use!!! (No...hugo64 is not real folks...at least not for my company :-) ).

Same thing with Linux, root is a known username, with known privileges to do whatever it wants. How many accounts can do 'rm -rf /' without any complaints from the system? First thing I'd suggest doing is try to limit this do-anything power if possible!

As far as our personal servers at home are concerned, use whatever gives you that 'fuzzy' feeling! It's 10x easier to login as root and perform the needed tasks. On my company's machines? You're going to need a damn good reason to get the root password, where I can give you a sudo permission to ONLY what you need to use, and can see the commands you tried to run on my box with sudo permissions. Just saying.

Here's an example of some output from the /var/log/secure file, with the X's meaning stuff I've removed:

Code:

Mar 12 08:48:13 COMPUTERNAME sudo: XXXXXXX : TTY=pts/0 ; PWD=/home/XXXXXXX/scripts ; USER=root ; COMMAND=/sbin/service iptables start

Mar 13 00:44:33 COMPUTERNAME sudo: XXXXXXX : TTY=pts/0 ; PWD=/home/XXXXXXX ; USER=root ; COMMAND=/usr/bin/tail /var/log/secure

so as you can see, I can pull this log up and see what you've been doing during your session. Obviously, if this file's been compromised I'm SOL, but I have...backups in place I use to ensure I get this information. Not giving out all the secrets!

So in closing, if we're talking personal home servers, this all doesn't matter. On a machine where you care about who is doing what, see above again! :-)

initialdrifteg6 · 03-13-2011, 12:33 AM

I personally use sudo anytime I need root access. When developing Ruby on Rails applications, I find myself accidently creating a file that needs to be under the SSH access that user has. If I root then I'd forget to switch back. I will often need sudo to bundle install or install a gem. It's just good practice to intentionally type sudo to do something so that you know it is going to be executed as a root user.

foodown · 03-18-2011, 11:50 PM

I find it odd when people talk about sudo being "more secure," especially in the context of a discussion about Ubuntu. In its default configuration, Ubuntu essentially removes any security at all from the root account; any person who gains the password of a non-privileged user with sudoing rights has effectively rooted the box.

Also, maybe I am strange, but when I am acting as the superuser, it is rare that I have only one line of commands to issue. For this reason, sudo seems wholly without usefulness on a desktop linux system. The last thing I want to have to do when involved in administrative tasks is reauthenticate each time I finish typing a line of commands.

Of course, when properly configured, sudo can be quite useful if many users must perform administrative tasks on the same machine or within the same authentication domain. Even in situations like that, though, a "real" root shell should be employed whenever "pipe-hittin'" tasks are to be performed.

Lone_Wolf · 04-04-2011, 06:39 AM

su -, su -c "command" and login as root for me.

Only thing i ever used sudo for was to allow users to shutdown the machine from commandline.

I'm running archlinux and my machines always start to a console login, each has a different root password.

Note : i got no experience with *nix in business environments.

question for Ubuntu users :
what do you do if for some reason all users with sudo root priviliges are unable to login ?

markhahn · 04-04-2011, 07:45 PM

I ssh as root with an encrypted key, and always cringe at systems where users can sudo without a password. however, I do respect sudo for its transparency (in an audit-trail sense.) sudo is a pain to use for more than trivially short operations, though - I sometimes spend much of the day operating as root.

sudo with passwords is a travesty, though: having to type passwords a lot both maximizes their exposure and provides an impetus for weak passwords. I use ssh-agent on a very small number of trusted consoles because, after all, you have to trust the machine you're sitting at. but I don't ever want to type passwords on/to less-trusted machines (have you ever administered a machine that's had an ssh and/or sshd installed that logs all passwords?)

SL00b · 04-06-2011, 08:55 AM

Quote:

Originally Posted by markhahn

sudo is a pain to use for more than trivially short operations, though - I sometimes spend much of the day operating as root.

Again, if you're going to be on the system for quite a while and will need root privileges for most of that time, the command "sudo bash" will solve this problem for you. It's effectively the same as su or a login as root. You won't be bothered with a password prompt again until you exit the bash session.

jhettmer · 04-06-2011, 04:29 PM

sudo is okay for a one-shot. For more I have a script named rootwin, which is (on FC6):
PWD=`/bin/pwd`
su -plm -c "xhost +; cd $PWD; gnome-terminal --window-with-profile=Default &" root

Root's default terminal has a coral background, so can't mistake it. Type the password once. (Had to do something slightly sneakier on ubuntu 9.10, I forget what, but same idea). We use rootwin a lot.

foodown · 04-09-2011, 03:03 AM

An easily customizable alternative /etc/sudoers file for Slackware providing some pretty convenient administrating privileges to those in the root group without them having to have the root password:

Code:

# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

Defaults        env_resets,insults

# User privilege specification
root    ALL=(ALL) ALL

# Allow many special priviledges to those in the root group.
# Add what you like; Comment out or wipe out what you don't.
%root           ALL=/sbin/mount
%root           ALL=/sbin/umount
%root           ALL=/usr/bin/cp
%root           ALL=/usr/bin/vi
%root           ALL=/bin/kill
%root           ALL=/bin/killall
%root           ALL=/sbin/init
%root           ALL=/sbin/runlevel
%root           ALL=/sbin/shutdown
%root           ALL=/sbin/halt
%root           ALL=/sbin/ctrlaltdel
%root           ALL=/sbin/poweroff
%root           ALL=/sbin/reboot
%root           ALL=/sbin/insmod
%root           ALL=/sbin/insmod.static
%root           ALL=/sbin/rmmod
%root           ALL=/sbin/lsmod
%root           ALL=/sbin/modprobe
%root           ALL=/sbin/modinfo
%root           ALL=/sbin/depmod
%root           ALL=/sbin/ldconfig
%root           ALL=/sbin/fsck
%root           ALL=/sbin/ifconfig
%root           ALL=/sbin/ifrename
%root           ALL=/sbin/ifstat
%root           ALL=/sbin/iwconfig
%root           ALL=/sbin/iwevent
%root           ALL=/sbin/iwgetid
%root           ALL=/sbin/iwlist
%root           ALL=/sbin/iwpriv
%root           ALL=/sbin/iwspy
%root           ALL=/sbin/dhcpcd
%root           ALL=/sbin/route
%root           ALL=/sbin/routel
%root           ALL=/sbin/routef
%root           ALL=/sbin/quotacheck
%root           ALL=/sbin/quotaon
%root           ALL=/sbin/quotaoff
%root           ALL=/sbin/convertquota
%root           ALL=/sbin/swapon
%root           ALL=/sbin/swapoff
%root           ALL=/sbin/lspci
%root           ALL=/sbin/lspcmcia
%root           ALL=/sbin/rescan-scsi-bus
%root           ALL=/sbin/hwclock
%root           ALL=/sbin/makepkg
%root           ALL=/usr/bin/chown
%root           ALL=/usr/bin/chmod

If you are using an LDAP for authentication or anything else non-local, you'll want to change all of those 'ALL's to 'localhost.' (Not the first three, of course.)

An alternative package for sudo, enabling all of the insults:
sudo-1.7.4p6-x86_64-1ram.txz

hans51 · 04-17-2011, 07:10 PM

I work full time on Linux since 1998 and strictly login AND work as root
that keeps me awake and forces me to pay attention to what I do
important to me because all my remote controlled servers also need to be managed

.oOZe. · 04-18-2011, 12:12 PM

sudo is useful for machines with users needing occasional privilege elevation. Disabling root access completely and forcing admin users to repeatedly type their passwords is not only less secure it is also time consuming, particularly when performing many short commands at intervals.

Disabling any remote root logins, limiting login attempts, hardening the system, timing out idle root sessions and using strong passwords (or alternately ssh keys) is far more secure and time effective.

Regarding admins with root access leaving the organization... isn't it about time you changed the root passwords anyway? Or is turnover really that high?

psionl0 · 04-18-2011, 03:16 PM

The only that I have for the sudo command is so that I can shutdown my computer from a fluxbox menu.

In almost all other cases I use the su command if I need root privileges. On very rare occasions I log in as root.

izakharyaschev · 04-18-2011, 03:21 PM

Quote:

Originally Posted by Kenny_Strawn

However, I think that using sudo is more secure than the root account for the same reasons that the Ubuntu developers think so: because the root account is a prime target for password crackers.

But there are also different arguments:

The designers of the secured OpenWall GNU/*/Linux distro have also expressed critical opinions on `su` (for becoming root) and `sudo`. You might be interested in reading this thread:

[...unfortunately both su and sudo are subtly but fundamentally
flawed.](http://www.openwall.com/lists/owl-users/2004/10/20/6):

Quote:

And the reason I give against using this approach is that it
effectively allows anyone who could have compromised the otherwise
non-privileged user account used to su from to gain root (at the
next invocation of su by the admin). So the separation between the
non-root and the root accounts is lost.

Apart from discussing the flaws of `su` and other things, Solar Designer also targets one specific reason to use `su`:

> Yes, it used to be common sysadmin
> wisdom to "su root" rather than login
> as root. Those few who, when asked,
> could actually come up with a valid
> reason for this preference would refer
> to the better accountability achieved
> with this approach. Yes, this really
> is a good reason in favor of this
> approach. But it's also the only one. ...(read more)

In their distro, they have ["completely got rid of SUID root programs in the default install"](http://www.openwall.com/lists/oss-security/2010/11/08/3) (i.e., including `su`; and they do not use capabilities for this):

> For servers, I think people need to
> reconsider and, in most cases,
> disallow invocation of su and sudo by
> the users. There's no added security
> from the old "login as non-root, then
> su or sudo to root" sysadmin "wisdom",
> as compared to logging in as non-root
> and as root directly (two separate
> sessions). On the contrary, the
> latter approach is the only correct
> one, from a security standpoint:
>
> http://www.openwall.com/lists/owl-users/2004/10/20/6
>
> (For accountability of multiple
> sysadmins, the system needs to support
> having multiple root-privileged
> accounts, like Owl does.)
>
> (For desktops with X, this gets
> trickier.)
>
> You also absolutely have to deal with...

BTW, they were to replace `sulogin` with [`msulogin`](http://www.ohloh.net/p/msulogin) to allow the setup with multiple root accounts: `msulogin` allows one to type in the user name also when going into the single user mode (and preserve the "accountability") (this info comes from [this discussion in Russian](http://www.opennet.ru/openforum/vslu.../73378.html#24)).

MBybee · 04-18-2011, 03:42 PM

Sudo 99% of the time, root rarely if ever.

I professionally admin boxes (AIX, IRIX, Linux, FreeBSD, OpenBSD, and Solaris) and follow the same practices on all of them. Always run with the minimum possible permissions, never allow SSH as root. Been doing OS and DB support since before Linux, will continue doing it long after. Even before sudo, it was always the same. Use a 'vanity' account (named user) unless for some reason it is impossible to do so (ultra rare).

jefro · 04-18-2011, 05:42 PM

Wow! Almost half the people are wrong!

John VV · 04-18-2011, 07:32 PM

Quote:

Wow! Almost half the people are wrong!

why ?

su & su - ### is great BUT not for ALL and EVERY situation

sudo ### can open up a hole but is BETTER for some situations

log in as root ### good for a few things BUT not for others

use what IS BEST for the situation and need .