LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


View Poll Results: Would you configure sudo if it isn't configured by default?
Yes 5 15.63%
No 15 46.88%
I'd have both sudo and root 10 31.25%
Other (please explain in post) 2 6.25%
Voters: 32. You may not vote on this poll

Reply
  Search this Thread
Old 08-13-2019, 09:00 AM   #1
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth? I would say I hope so but I'm not so sure about that... I could just be a figment of your imagination too.
Distribution: Currently OpenMandriva. Previously openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 2,912

Rep: Reputation: 1508Reputation: 1508Reputation: 1508Reputation: 1508Reputation: 1508Reputation: 1508Reputation: 1508Reputation: 1508Reputation: 1508Reputation: 1508Reputation: 1508
Would you enable sudo instead of using the root user account?


I recently installed OpenMandriva Lx 4.0 and upon having a look through it's website discovered the fact it uses sudo by default. As I remembered before reading it's website that my password for my normal user account worked for mounting my other fixed drive that wasn't in fstab at the time. So I had a look at which user groups my normal user was a member of, and the "wheel" group was one of those groups (that I've since removed it from). Anyways, this prompted me to have a look at the "sudoers" file in /etc and sure enough the "wheel" group is listed in that file with ALL root permissions for sudo.

So I checked to make sure my normal account can no longer use sudo (because I can just su into root if I need to do anything that needs root permissions, and personally for a standalone PC like mine, I don't see any need for sudo), and sure enough, I get the output below. To be clear: I DO see the point in sudo in a enterprise/business situation - horses for courses.

Code:
james@jamespc: ~> sudo cd /root
[sudo] password for james: 
james is not in the sudoers file.  This incident will be reported.
Reported to who? Me? I asked myself if I was trouble, myself said he'll forgive me

But anyways, the question is: would you enable sudo on a distro that doesn't configure it by default, instead of using root itself (or both)?

(I'm mainly asking for a standalone situation)
 
Old 08-13-2019, 10:03 AM   #2
petelq
Member
 
Registered: Aug 2008
Location: UK
Distribution: openSUSE(Leap and Tumbleweed) and a regularly changing third
Posts: 385

Rep: Reputation: Disabled
Quote:
Originally Posted by jsbjsb001 View Post

But anyways, the question is: would you enable sudo on a distro that doesn't configure it by default, instead of using root itself (or both)?

(I'm mainly asking for a standalone situation)
I use su almost always but sometimes it's more convenient to use sudo. Opensuse seems to do it differently from other disros that I've tried and I always reset sudo to work that way. It uses the root password, so unless you know the root password on my system, you can't use sudo or su.
 
Old 08-13-2019, 10:46 AM   #3
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 4,248

Rep: Reputation: 1925Reputation: 1925Reputation: 1925Reputation: 1925Reputation: 1925Reputation: 1925Reputation: 1925Reputation: 1925Reputation: 1925Reputation: 1925Reputation: 1925
I answered "no" in the poll since I wouldn't use sudo for general root privileges. I do have sudo configured for running some specific harmless commands (with NOPASSWD) from cron scripts (example: reading the hit counts from certain iptables rules).
 
1 members found this post helpful.
Old 08-13-2019, 11:03 AM   #5
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth? I would say I hope so but I'm not so sure about that... I could just be a figment of your imagination too.
Distribution: Currently OpenMandriva. Previously openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 2,912

Original Poster
Rep: Reputation: 1508Reputation: 1508Reputation: 1508Reputation: 1508Reputation: 1508Reputation: 1508Reputation: 1508Reputation: 1508Reputation: 1508Reputation: 1508Reputation: 1508
FYI teckk: I DON'T login to the GUI as root, I only su to root at the command-line/terminal (usually only in a terminal window). But that said, I don't see anything wrong with running a text editor as root. But I wouldn't be running my web browser as root tho.

But that said, I do agree one should make sure they only use root only when necessary.

Your second link does raise an interesting point though; does sudo actually make your system less secure, because it may lower you into the false belief that you can rely on a program to "protect" you from yourself - instead of the onus being on yourself to think about what you're doing before doing it? Interesting question.

Last edited by jsbjsb001; 08-13-2019 at 11:31 AM. Reason: addition
 
Old 08-13-2019, 01:03 PM   #6
fatmac
Senior Member
 
Registered: Sep 2011
Location: Upper Hale, Surrey/Hants Border, UK
Posts: 3,076

Rep: Reputation: Disabled
I wouldn't bother configuring it myself, but I have no problem with it being default on distros for personal use, after all, you still have to enter your password, & no one else should know it but you.
 
Old 08-13-2019, 02:29 PM   #7
ehartman
Member
 
Registered: Jul 2007
Location: Delft, The Netherlands
Distribution: Slackware
Posts: 836

Rep: Reputation: 416Reputation: 416Reputation: 416Reputation: 416Reputation: 416
Quote:
Originally Posted by fatmac View Post
I wouldn't bother configuring it myself, but I have no problem with it being default on distros for personal use, after all, you still have to enter your password, & no one else should know it but you.
In my latest installation I have enabled sudo, for group "wheel" only (which I'm part of, of course) but in actual fact I almost never use it, too much used to going su instead.
 
Old 08-13-2019, 05:09 PM   #8
fido_dogstoyevsky
Member
 
Registered: Feb 2015
Location: Victoria, Australia
Distribution: Slackware 14.2
Posts: 326
Blog Entries: 2

Rep: Reputation: 383Reputation: 383Reputation: 383Reputation: 383
I voted "no" since the number of times I use a single command as root is small.

Quote:
Originally Posted by jsbjsb001 View Post
...
Code:
james@jamespc: ~> sudo cd /root
[sudo] password for james: 
james is not in the sudoers file.  This incident will be reported.
Reported to who? Me? I asked myself if I was trouble, myself said he'll forgive me ...
You WISH it was you...
 
Old 08-13-2019, 07:55 PM   #9
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 15,237
Blog Entries: 25

Rep: Reputation: 4340Reputation: 4340Reputation: 4340Reputation: 4340Reputation: 4340Reputation: 4340Reputation: 4340Reputation: 4340Reputation: 4340Reputation: 4340Reputation: 4340
Sudo is not designed to be used the way the *buntus use it. I've not yet seen a convincing argument for the *buntus' creepy sudo fetish.

The only legitimate use for sudo is to give selected higher privileges to a users who need them to perform their functions, such as, for example, giving a webmaster the ability stop and restart apache.
 
4 members found this post helpful.
Old 08-13-2019, 08:44 PM   #10
phil.d.g
Senior Member
 
Registered: Oct 2004
Posts: 1,229

Rep: Reputation: 112Reputation: 112
All my machines have random, unknown root passwords or locked root accounts. I always use sudo. I have it configured so that I'm prompted to provide my user password for everything with maybe one or two exceptions. If I want to do more than a few commands as root I do:
Code:
sudo -i
It works well. A better question to ask me is "Would you enable direct root access, rather than use sudo". To which I would reply: no.
 
Old 08-14-2019, 11:28 AM   #11
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 4,658

Rep: Reputation: 1395Reputation: 1395Reputation: 1395Reputation: 1395Reputation: 1395Reputation: 1395Reputation: 1395Reputation: 1395Reputation: 1395Reputation: 1395
Disabled 'root' account and using 'sudo' for everything is more secure, in my opinion/experience.
 
Old 08-14-2019, 11:34 AM   #12
ehartman
Member
 
Registered: Jul 2007
Location: Delft, The Netherlands
Distribution: Slackware
Posts: 836

Rep: Reputation: 416Reputation: 416Reputation: 416Reputation: 416Reputation: 416
Quote:
Originally Posted by phil.d.g View Post
A better question to ask me is "Would you enable direct root access, rather than use sudo". To which I would reply: no.
The main thing is that with su (and sudo, correctly configured) someone who wants to break into your system needs TWO passwords: that of a (your?) userid AND that of root. Makes becoming root a bit more complicated and thus safer.
 
1 members found this post helpful.
Old 08-14-2019, 01:14 PM   #13
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,310

Rep: Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229Reputation: 2229
Quote:
Originally Posted by frankbell View Post
Sudo is not designed to be used the way the *buntus use it. I've not yet seen a convincing argument for the *buntus' creepy sudo fetish.

The only legitimate use for sudo is to give selected higher privileges to a users who need them to perform their functions, such as, for example, giving a webmaster the ability stop and restart apache.
i agree. However, on a one-use system I find sudo is useful for running scripts with mixed priveledges when installing things. That may, actually, be bad, but I don't see any evidence of it yet (by this I mean installing something as a user but making some root-level changes without having to log in again and run a seperate script).
 
Old 08-14-2019, 01:17 PM   #14
Timothy Miller
Moderator
 
Registered: Feb 2003
Location: Arizona, USA
Distribution: Debian, KDE Neon, Arch, Fedora
Posts: 3,083

Rep: Reputation: 934Reputation: 934Reputation: 934Reputation: 934Reputation: 934Reputation: 934Reputation: 934Reputation: 934
I like sudo because I can give access to certain things for users, while not giving them full root. I like having a root account because if I let my password expire and forget what it was, I still have a way to get into the machine to reset my account password (or in some of the dev servers, I actually just log in as root to do sysadmin stuff, I know, shame on me, but I didn't feel like creating myself an account). So I voted both.
 
Old 08-14-2019, 06:03 PM   #15
phil.d.g
Senior Member
 
Registered: Oct 2004
Posts: 1,229

Rep: Reputation: 112Reputation: 112
Quote:
Originally Posted by ehartman View Post
The main thing is that with su (and sudo, correctly configured) someone who wants to break into your system needs TWO passwords: that of a (your?) userid AND that of root. Makes becoming root a bit more complicated and thus safer.
Perhaps.

Though if my machine was compromised I'd be far more concerned with what they've done with my data in terms of copying it or modifying it. Not to mention some hackers go out of their way, or are not interested in root access. They can achieve their goals with the user they've managed to get access as. For example, root access is not required to put a key logger on most people's machines. Putting an appropriate script or .desktop file in the appropriate session startup directory, or even just modifying .bashrc. A huge amount of damage can be done without root access.

Also, there are other measures you can take besides passwords. For example, if you knew my password you would either need physical access to my machine and my passphrase for decrypting the drive or for remote access OpenVPN keys and certs and my private ssh key.

If you had convinced my to run a script/software that gave you a back door, yes you would only need to know one password. But, if the situation was reversed I'd only need to know your root password, not your user password. Same, same.

Also, at work, we use sudo ACLs extensively, hardly anyone has an ability to acquire a root shell. I can run a explicit small list of commands depending on the machine. When used this way sudo is far more secure, and even provides an audit of who did what or attempted to do what, when and where from.

Last edited by phil.d.g; 08-14-2019 at 06:19 PM.
 
  


Reply

Tags
permissions, root, sudo


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] sudo to user other than root but do not allow sudo to root Westmoreland Linux - Security 3 02-03-2015 11:48 AM
'sudo ls /root/monitor/' outputs, 'sudo ls /root/monitor/*' does not stf92 Slackware 10 07-19-2012 05:20 PM
howto log usage of shared account (root account) after `sudo su -` drManhattan Linux - Server 5 09-30-2011 07:48 AM
Can't use sudo, only account that's not root is not a sudo'ers [Ubuntu 9.10] randyriver10 Linux - Desktop 1 01-09-2010 07:56 PM
is it legitimate and allowed and can be done to make another user account set uid and gid to null 0 to make another root account with different name and possibly not damage the debian system creating and using that new account BenJoBoy Linux - Newbie 12 01-29-2006 10:02 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 09:32 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration