Why do all the sudo? [was Re: Software updater no longer functional]

Ken D'Ambrosio ken at jots.org
Sun Jan 22 17:21:42 UTC 2017 

On 2017-01-22 12:12, Robert Heller wrote:

>> Yep! Couldn't agree more. I use 'sudo -i' a lot! But it's rarely
>> suggested in any advice or documentation I've seen.
> 
> This is intentional.

It is.  But...

> sudo -i is *dangerous* for exactly the same reason "su" is dangerous.  
> One
> of the whole points of sudo was to avoid logging in as root or using 
> the su
> command.  Before sudo was "invented", UNIX sys admins regularly logged 
> in as
> root and/or used su to gain a root shell.  And just as often shot 
> themselves
> in the foot.  Sudo is very much like the safety lever on guns -- the 
> point is
> to prevent accidents.
> 
> It is far too easy to *forget* that one is root and do something 
> stupid.  Also
> it is possible to leave your system open to someone sitting down at 
> your
> screen and doing something bad.

This is where I have to tepidly disagree.  No matter what you're doing, 
if you start doing mindless repetition of something (e.g., prefacing 
commands with 'sudo'), you're vastly more likely to make a Stupid 
Mistake.  To me, I do 'sudo bash' when I'm doing something specifically 
system-administrationish, and then, when done, log out.  If I can't 
remember to do that, I really shouldn't be being an admin in the first 
place.  As for someone sitting at your desk, a) if you're not working 
with trustworthy people, you should either quit or fire them, and b) you 
should also, regardless, have a screensaver going with a relatively 
short timeout.

NOTE: I am not-not-not saying that sudo is a bad thing, and that you 
should do one-off use of it most of the time.  But if you're doing 100 
commands in a row (e.g,. during a complex configuration operation), by 
the time you get to #20, you'll be typing 'sudo' in front, stupidly, and 
without thinking.  That's even worse.

I also say this as someone with 30 years' admin experience, over 20 of 
them with Linux specifically.  And the worst damage I've ever done was 
knowingly (e.g., time time I followed instructions and blew away a 
partition -- only to find out that the person giving instructions hadn't 
done their backups right), or not as admin.

The keyword here is *always* be careful when issuing destructive 
commands, regardless of what user you are.

-Ken

More information about the ubuntu-users mailing list