sudo versus #

Tom H tomh0665 at gmail.com
Wed Feb 10 21:50:46 UTC 2010


> It's my understanding that the sudo command basically executes the
> subsequent command as superuser.  I fail to see the difference between
> having a # prompt logged into superuser and sudo, other than ensuring that
> you don't make mistakes, unless having the terminal open can allow
> attackers to infiltrate the system?  I have been using command line unix
> for a long time.  I don't make mistakes.  What is the real implications of
> sudo?

> Also, I notice that when Ubuntu gives me those update dialog boxes my root
> password doesn't work to allow the installation to go forward.  This makes
> me irritated, because it instead wants my normal user password, which for
> me by design is a weaker password that I use for more things and thus
> could be more easily cracked. My root password is longer and I use it for
> less things. Both are immune to dictionary attack, but it bothers me the
> way this subverts my configuration.

You can change the password behaviour of sudo by adding one of the
following to /etc/sudoers

Defaults rootpw - expect root's password
Defaults runaspw - expect the password of the user set as the runas_default
Defaults targetpw - expect the password of the user being sudo'd to

You can set this option per user/user_alias/host_alias.

I started out on nix with Solaris and am a RHEL/Solaris admin so the
first thing that I do on my Ubuntu installs (at home or when
moonlighting) is to enable root. It's a habit and a choice with which
many/most people who use OS X and Ubuntu will disagree. You could have
an endless pro and con thread.

I have used, in various companies, sudo to enable certain users to do
certain tasks (as root or as another system user) and it is a very
useful tool, especially when you have many users (and possibly SarBox
quidelines).

On the other hand, I worked a few weekends in November/December at a
company where I have worked off and on for eight years and there we
telnet as root from one box to another and, at the console, root is
logged on through the GUI...




More information about the ubuntu-users mailing list