Security of using sudo rather than su?

Alan McKinnon alan at linuxholdings.co.za
Mon Sep 18 07:43:19 UTC 2006


On Sunday 17 September 2006 19:02, Alexander Skwar wrote:
> > Uhm, yes! Requiring sudo DOES reduce the chances that a
> > command will accidentally be carried out as root. Whether
> > incorrect suggestions are made or not. If you don't see it
> > that way, I'd be interested in your explanation of why
> > requiring sudo DOES NOT reduce the chances.
>
> It leads to a too careless use of sudo and running commands
> with root (sudo) even if that's not required.

Alexander, I don't follow your reasoning, and you haven't 
supplied any reasons why I should take this assertion 
seriously.

With sudo, the user has to prepend each command with the 
word 'sudo'. Now some users might start doing that 
automatically and use sudo without thinking about it (in the 
same manner as some users blindly click OK through a series of 
dialogs), but at least they have to type it and consciously 
enter their password at least once, so there's some chance 
they'll think a little about it.

Contrast that with 'su' and keep in mind that Ubuntu's majority 
user profile is general users on their own personal 
workstation. Therefore the average user HAS the root password, 
so to get root access to do valid root stuff like 'apt-get 
install ... ' they will 'su -', and get a console where all 
bets are off and they have unrestricted access. Now the 
deterrent factor of sudo is gone and replaced with ... nothing.

Remember, the user has no other realistic option than to su to 
root. He could use 'su -c <command>' but most users will get 
fed up with that - entering the root password EVERY time, 
forgetting to quote the command - and will very quickly find 
out about 'su -' and use that instead.

su in the hands of the average user who fits Ubuntu's target 
market is like a child playing with dynamite. sudo may not be 
perfect, but of all the current solutions, it's the best 
all-round compromise. Remember that you are a knowledgeable fellow 
and understand the risks. You are also in the minority and most 
other Ubuntu users either don't know, don't understand or don't 
care about the risks so what works for you will definitely not 
work for them.

I myself activate the root account on my own machines. Like you, 
I understand the risks, but there's no ways I'd do it for the 
regular users I see around me. Ubuntu has made the best 
possible choice and compromise here - use the most suitable 
settings by default and give the pros the means to change it to 
something else if they want to.

alan



