Security of using sudo rather than su?
alan at linuxholdings.co.za
Mon Sep 18 08:43:19 BST 2006
On Sunday 17 September 2006 19:02, Alexander Skwar wrote:
> > Uhm, yes! Requiring sudo DOES reduce the chances that a
> > command will accidentally be carried out as root. Whether
> > incorrect suggestions are made or not. If you don't see it
> > that way, I'd be interested in your explanation of why
> > requiring sudo DOES NOT reduce the chances.
> It leads to a too careless use of sudo and running commands
> with root (sudo) even if that's not required.
Alexander, I don't follow your reasoning, and you haven't
supplied any reasons why I should take this assertion
With sudo, the user has to prepend each command with the
word 'sudo'. Now some users might start doing that
automatically and use sudo without thinking about it (in the
same manner as some users blindly click OK through a series of
dialogs), but at least they have to type it and consciously
enter their password at least once, so there's some chance
they'll think a little about it.
Contrast that with 'su' and keep in mind that Ubuntu's majority
user profile is general users on their own personal
workstation. Therefore the average user HAS the root password,
so to get root access to do valid root stuff like 'apt-get
install ... ' they will 'su -', and get a console where all
bets are off and they have unrestricted access. Now the
deterrent factor of sudo is gone and replaced with ... nothing.
Remember, the user has no other realistic option than to su to
root. He could use 'su -c <command>' but most users will get
fed up with that - entering the root password EVERY time,
forgetting to quote the command - and will very quickly find
out about 'su -' and use that instead.
su in the hands of the average user who fits Ubuntu's target
market is like a child playing with dynamite. sudo may not be
perfect, but of all the current solutions, it's the best all
round compromise. Remember that you are a knowledgeable fellow
and understand the risks. You are also in the minority and most
other Ubuntu users either don't know, don't understand or don't
care about the risks so what works for you will definitely not
work for them.
I myself activate the root account on my own machines. Like you,
I understand the risks, but there's no ways I'd do it for the
regular users I see around me. Ubuntu has made the best
possible choice and compromise here - use the most suitable
settings by default and give the pros the means to change it to
something else if they want to.
More information about the ubuntu-users