sudo versus #

Gilles Gravier ggravier at fsfe.org
Thu Feb 11 09:18:37 UTC 2010


Hi, Kayven!

On 10/02/2010 21:00, KAYVEN RIESE wrote:
> It's my understanding that the sudo command basically executes the 
> subsequent command as superuser.  I fail to see the difference between 
> having a # prompt logged into superuser and sudo, other than ensuring that 
> you don't make mistakes, unless having the terminal open can allow 
> attackers to infiltrate the system?  I have been using command line unix 
> for a long time.  I don't make mistakes.  What are the real implications of 
> sudo?
>
> Also, I notice that when Ubuntu gives me those update dialog boxes my root 
> password doesn't work to allow the installation to go forward.  This makes 
> me irritated, because it instead wants my normal user password, which for 
> me by design is a weaker password that I use for more things and thus 
> could be more easily cracked.  My root password is longer and I use it for 
> less things.  Both are immune to dictionary attack, but it bothers me the 
> way this subverts my configuration.
>   

The key issue here is traceability and audit.

If you log in to root, or su to root, once you are root, every command
you type is traced to root. If multiple users su to root at the same
time, nobody really knows which user typed what in particular, and then
as root (whether su or login) you can do ANYTHING without anybody being
able to know who did it.

With sudo, you can trace each command to the individual user who did it.

If user A types "sudo rm -rf /home/userB"... then the system
administrator can trace that command to user A and take appropriate
disciplinary actions.

If user A logs in as root and does "rm -rf /home/userB"... nobody really
knows who logged in as root.

This is critical in multi-user environments. Not as much on a single
user machine. But Linux was designed (just as Unix) for multi-user
environments.

Gilles.
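
Added example, not part of the original message: a short Python script that attributes privileged actions to the invoking user from sudo's log lines, and flags the points where that per-command trail ends (an su session, or a shell started through sudo). The log lines are constructed samples in the default syslog format found in /var/log/auth.log on Ubuntu; the names `audit`, `SAMPLE_LOG` and the user and host names are assumptions made for the illustration.

```python
import re

# Constructed sample lines (syslog format as written to /var/log/auth.log);
# host and user names are made up for this example.
SAMPLE_LOG = """\
Feb 11 09:02:13 box sudo:    userA : TTY=pts/0 ; PWD=/home/userA ; USER=root ; COMMAND=/bin/rm -rf /home/userB
Feb 11 09:03:40 box sudo:    userD : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/userD ; USER=root ; COMMAND=/usr/bin/apt-get update
Feb 11 09:05:41 box su[2231]: pam_unix(su:session): session opened for user root by userC(uid=1000)
Feb 11 09:07:02 box sudo:    userA : TTY=pts/0 ; PWD=/home/userA ; USER=root ; COMMAND=/bin/bash
"""

# sudo logs: invoking user, optional refusal reason, tty, cwd, target user, command.
SUDO_RE = re.compile(
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?:(?P<denied>[^;]*?) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.*?) ; USER=(?P<runas>\S+) ; "
    r"COMMAND=(?P<cmd>.*)$")
# su only logs that a session was opened, not what is typed inside it.
SU_RE = re.compile(
    r"su(?:\[\d+\])?: pam_unix\(su(?:-l)?:session\): session opened "
    r"for user (?P<runas>[^\s(]+)\S* by (?P<user>[^\s(]+)")
# Commands that hand over an interactive root shell: later commands are not logged.
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash", "/bin/zsh", "/bin/su"}

def audit(log_text):
    """Return (kind, invoking_user, target_user, command) for each privileged event."""
    events = []
    for line in log_text.splitlines():
        m = SUDO_RE.search(line)
        if m:
            cmd = m["cmd"]
            if m["denied"]:
                kind = "denied"      # attempt refused, still attributed to the user
            elif cmd.split()[0] in SHELLS:
                kind = "shell"       # audit trail stops at the shell start
            else:
                kind = "command"     # fully attributed single command
            events.append((kind, m["user"], m["runas"], cmd))
            continue
        m = SU_RE.search(line)
        if m:
            events.append(("su-session", m["user"], m["runas"], None))
    return events

if __name__ == "__main__":
    for event in audit(SAMPLE_LOG):
        print(event)
```

The "shell" and "su-session" events show who became root and when, but nothing typed afterwards appears in this log.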



