Why do all the sudo? [was Re: Software updater no longer functional]

Joel Rees joel.rees at gmail.com
Sat Jan 28 00:33:46 UTC 2017


On Fri, Jan 27, 2017 at 10:59 PM, Colin Watson <cjwatson at ubuntu.com> wrote:
> On Fri, Jan 27, 2017 at 02:19:58PM +0100, Ralf Mardorf wrote:
>> Yes, sudo has got a benefit, especially in combination with the
>> timestamp, e.g. for scripts, that compile something without root
>> privileges and after that install something, that requires root
>> privileges.
>
> As a side note, sudo is also superior to su in shell command design
> terms, because if it's being used in an adverbial style (i.e. "run this
> command with these arguments as another user") then it doesn't require
> the subsidiary command and arguments to be quoted and passed as a single
> argument.  Shell quoting is complicated and error-prone, so it's always
> better where possible for adverbial commands to be written in a style
> that doesn't require an extra layer of quoting.

sudo parameters can be a mess, too, especially since the shell blocks
you from checking wildcard results unless you do get yourself an
interactive shell (via sudo -i, etc.). It's better than doing the same
thing with su, but not really perfect. (I wonder how hard it would be
to make the tab feature sensitive to sudo permissions without breaking
too many of the security wall down for the convenience of the
hunt-and-peck moment.)

(And we'll remember that su can still be used, really. It just
requires one to set a root password. And that really is not so much of
a problem, if you set a really strong one and disable remote login to
root through, for example, ssh, ftp, nfs, etc., and refrain from using
su from an account that might harbor lingering keyloggers from a
stray web browser session.)

> Since su has been around for such a long time, I suspect that it may
> predate a general understanding of this class of problem (though I don't
> know this for sure, as both su and sudo predate me by quite a while).

For what it's worth, the OpenBSD team has been moving most of the
system-level change-user kind of stuff they do away from sudo to a
tool of their own invention -- "doas". (As far as I know, they haven't
been talking about integrating it with the shell tab feature. I think
I'm joking when I talk about that.)

sudo, in its current form, does have some serious problems.

But the problem of extra typing is not one of the serious problems.

-- 
Joel Rees

I'm imagining I'm a novelist:
http://reiisi.blogspot.jp/p/novels-i-am-writing.html
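
The extra quoting layer discussed in the thread above, shown as an added example that is not part of the original message or of sudo/su: an adverbial command hands each argument to the target unchanged, while a command-string interface parses the text a second time. Assumptions: `env` stands in for sudo's argument passing and `sh -c` for `su -c` so that no root access is needed, and the function names and sample file name are constructed for illustration.

```shell
#!/bin/sh
# Stand-ins that need no root (assumptions, not sudo/su themselves):
#   env   -> adverbial style, argv is passed through untouched (like sudo)
#   sh -c -> string style, one string is parsed again by a shell (like su -c)

# Constructed sample argument: a file name with a space and a metacharacter.
NAME='my notes; echo INJECTED'

# Adverbial style: every argument reaches the target command as one word.
adverbial() {
    env printf '[%s]\n' "$@"
}

# String style, naive: the argument is pasted into the command string,
# so the inner shell splits it on spaces and treats ';' as a separator.
string_naive() {
    sh -c "printf '[%s]\n' $1"
}

# String style, careful: the command string is a fixed literal and the
# data travels separately as positional parameters of the inner shell.
string_careful() {
    sh -c 'printf "[%s]\n" "$@"' sh "$@"
}

echo "adverbial:";      adverbial "$NAME"
echo "string, naive:";  string_naive "$NAME"
echo "string, careful:"; string_careful "$NAME"
```

The naive string form prints three lines (`[my]`, `[notes]`, `INJECTED`) because the pasted text is re-parsed; the other two print the file name as a single bracketed argument.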



