Skip to main content
Server Fault

Return to Answer

added 110 characters in body
Source Link
thomasrutter
thomasrutter
  • 2.7k
  • 2
  • 27
  • 35

sudo is secure - secure enough for some distributions (Ubuntu) to use and recommend it by default.

That said, if you give blanket sudo rights to a user it largely removes the separation you have between that account and a root account. If you give blanket sudo rights to user timmy, for example, the timmy account becomes as privileged as the root account. Anyone who breaks into timmy's account can do anything as root (in most cases, timmy's password is needed).

Pro-sudo arguments

  • Usually set up so that nobody can log in as the user called "root". Can make it harder to brute-force a superuser login.
  • You can have fine-grained control over which commands a user can execute as superuser (though usually you'd give all privileges to one account, which effectively serves the same role as "root" with a different name).
  • Removes the temptation to just stay logged in as root, when not all commands you run need superuser privileges.

Anti-sudo arguments

  • sudo might be seen to encourage the practice of handing out superuser-level privileges to users, which is probably not a good idea.
  • sudo is a little more complicated to set up because it is so flexible, and. While this allows you to make it nice and secure, it can also make it easier to inadvertently open up security gaps if you're not careful or don't understand what you're doing.
  • It can be seen as a bad idea in general to use an account with superuser privileges for everyday use, and having sudo privileges is the next best thing. A counter-argument to this is that the your user password is (in most cases) still required to elevate to superuser status, and this is not likely to be known to intruders/errant processes running as you.

Essentially they are just two different schools of thought, both valid enough to have whole distributions backing their own approach.

I'm more comfortable with the non-sudo approach, mainly because that's what I'm more familiar with as a Debian user. I find the simplicity of having a root account over the flexibility of sudo wins for me. I don't allow root login remotely (ie via SSH) and I recommend that nobody else should, either.

sudo is secure - secure enough for some distributions (Ubuntu) to use and recommend it by default.

That said, if you give blanket sudo rights to a user it largely removes the separation you have between that account and a root account. If you give blanket sudo rights to user timmy, for example, the timmy account becomes as privileged as the root account. Anyone who breaks into timmy's account can do anything as root (in most cases, timmy's password is needed).

Pro-sudo arguments

  • Usually set up so that nobody can log in as the user called "root". Can make it harder to brute-force a superuser login.
  • You can have fine-grained control over which commands a user can execute as superuser (though usually you'd give all privileges to one account, which effectively serves the same role as "root" with a different name).
  • Removes the temptation to just stay logged in as root, when not all commands you run need superuser privileges.

Anti-sudo arguments

  • sudo might be seen to encourage the practice of handing out superuser-level privileges to users, which is probably not a good idea.
  • sudo is a little more complicated to set up because it is so flexible, and this can make it easier to inadvertently open up security gaps.
  • It can be seen as a bad idea in general to use an account with superuser privileges for everyday use, and having sudo privileges is the next best thing. A counter-argument to this is that the your user password is (in most cases) still required to elevate to superuser status, and this is not likely to be known to intruders/errant processes running as you.

Essentially they are just two different schools of thought, both valid enough to have whole distributions backing their own approach.

I'm more comfortable with the non-sudo approach, mainly because that's what I'm more familiar with as a Debian user. I find the simplicity of having a root account over the flexibility of sudo wins for me. I don't allow root login remotely (ie via SSH) and I recommend that nobody else should, either.

sudo is secure - secure enough for some distributions (Ubuntu) to use and recommend it by default.

That said, if you give blanket sudo rights to a user it largely removes the separation you have between that account and a root account. If you give blanket sudo rights to user timmy, for example, the timmy account becomes as privileged as the root account. Anyone who breaks into timmy's account can do anything as root (in most cases, timmy's password is needed).

Pro-sudo arguments

  • Usually set up so that nobody can log in as the user called "root". Can make it harder to brute-force a superuser login.
  • You can have fine-grained control over which commands a user can execute as superuser (though usually you'd give all privileges to one account, which effectively serves the same role as "root" with a different name).
  • Removes the temptation to just stay logged in as root, when not all commands you run need superuser privileges.

Anti-sudo arguments

  • sudo might be seen to encourage the practice of handing out superuser-level privileges to users, which is probably not a good idea.
  • sudo is a little more complicated to set up because it is so flexible. While this allows you to make it nice and secure, it can also make it easier to inadvertently open up security gaps if you're not careful or don't understand what you're doing.
  • It can be seen as a bad idea in general to use an account with superuser privileges for everyday use, and having sudo privileges is the next best thing. A counter-argument to this is that the your user password is (in most cases) still required to elevate to superuser status, and this is not likely to be known to intruders/errant processes running as you.

Essentially they are just two different schools of thought, both valid enough to have whole distributions backing their own approach.

I'm more comfortable with the non-sudo approach, mainly because that's what I'm more familiar with as a Debian user. I find the simplicity of having a root account over the flexibility of sudo wins for me. I don't allow root login remotely (ie via SSH) and I recommend that nobody else should, either.

Source Link
thomasrutter
thomasrutter
  • 2.7k
  • 2
  • 27
  • 35

sudo is secure - secure enough for some distributions (Ubuntu) to use and recommend it by default.

That said, if you give blanket sudo rights to a user it largely removes the separation you have between that account and a root account. If you give blanket sudo rights to user timmy, for example, the timmy account becomes as privileged as the root account. Anyone who breaks into timmy's account can do anything as root (in most cases, timmy's password is needed).

Pro-sudo arguments

  • Usually set up so that nobody can log in as the user called "root". Can make it harder to brute-force a superuser login.
  • You can have fine-grained control over which commands a user can execute as superuser (though usually you'd give all privileges to one account, which effectively serves the same role as "root" with a different name).
  • Removes the temptation to just stay logged in as root, when not all commands you run need superuser privileges.

Anti-sudo arguments

  • sudo might be seen to encourage the practice of handing out superuser-level privileges to users, which is probably not a good idea.
  • sudo is a little more complicated to set up because it is so flexible, and this can make it easier to inadvertently open up security gaps.
  • It can be seen as a bad idea in general to use an account with superuser privileges for everyday use, and having sudo privileges is the next best thing. A counter-argument to this is that the your user password is (in most cases) still required to elevate to superuser status, and this is not likely to be known to intruders/errant processes running as you.

Essentially they are just two different schools of thought, both valid enough to have whole distributions backing their own approach.

I'm more comfortable with the non-sudo approach, mainly because that's what I'm more familiar with as a Debian user. I find the simplicity of having a root account over the flexibility of sudo wins for me. I don't allow root login remotely (ie via SSH) and I recommend that nobody else should, either.