I recently installed OpenMandriva Lx 4.0 and upon having a look through it's website discovered the fact it uses sudo by default. As I remembered before reading it's website that my password for my normal user account worked for mounting my other fixed drive that wasn't in fstab at the time. So I had a look at which user groups my normal user was a member of, and the "wheel" group was one of those groups (that I've since removed it from). Anyways, this prompted me to have a look at the "sudoers" file in /etc and sure enough the "wheel" group is listed in that file with ALL root permissions for sudo.

So I checked to make sure my normal account can no longer use sudo (because I can just su into root if I need to do anything that needs root permissions, and personally for a standalone PC like mine, I don't see any need for sudo), and sure enough, I get the output below. To be clear: I DO see the point in sudo in a enterprise/business situation - horses for courses.

Reported to who? Me? I asked myself if I was trouble, myself said he'll forgive me

But anyways, the question is: would you enable sudo on a distro that doesn't configure it by default, instead of using root itself (or both)?

(I'm mainly asking for a standalone situation)

I use su almost always but sometimes it's more convenient to use sudo. Opensuse seems to do it differently from other disros that I've tried and I always reset sudo to work that way. It uses the root password, so unless you know the root password on my system, you can't use sudo or su.

I answered "no" in the poll since I wouldn't use sudo for general root privileges. I do have sudo configured for running some specific harmless commands (with NOPASSWD) from cron scripts (example: reading the hit counts from certain iptables rules).

1 members found this post helpful.

https://www.howtogeek.com/124950/htg...ystem-as-root/
https://askubuntu.com/questions/1617...log-in-as-root
https://unix.stackexchange.com/quest...-to-disable-it

FYI teckk: I DON'T login to the GUI as root, I only su to root at the command-line/terminal (usually only in a terminal window). But that said, I don't see anything wrong with running a text editor as root. But I wouldn't be running my web browser as root tho.

But that said, I do agree one should make sure they only use root only when necessary.

Your second link does raise an interesting point though; does sudo actually make your system less secure, because it may lower you into the false belief that you can rely on a program to "protect" you from yourself - instead of the onus being on yourself to think about what you're doing before doing it? Interesting question.

I wouldn't bother configuring it myself, but I have no problem with it being default on distros for personal use, after all, you still have to enter your password, & no one else should know it but you.

In my latest installation I have enabled sudo, for group "wheel" only (which I'm part of, of course) but in actual fact I almost never use it, too much used to going su instead.

I voted "no" since the number of times I use a single command as root is small.

You WISH it was you...

Sudo is not designed to be used the way the *buntus use it. I've not yet seen a convincing argument for the *buntus' creepy sudo fetish.

The only legitimate use for sudo is to give selected higher privileges to a users who need them to perform their functions, such as, for example, giving a webmaster the ability stop and restart apache.

4 members found this post helpful.

All my machines have random, unknown root passwords or locked root accounts. I always use sudo. I have it configured so that I'm prompted to provide my user password for everything with maybe one or two exceptions. If I want to do more than a few commands as root I do:
It works well. A better question to ask me is "Would you enable direct root access, rather than use sudo". To which I would reply: no.

Disabled 'root' account and using 'sudo' for everything is more secure, in my opinion/experience.

The main thing is that with su (and sudo, correctly configured) someone who wants to break into your system needs TWO passwords: that of a (your?) userid AND that of root. Makes becoming root a bit more complicated and thus safer.

1 members found this post helpful.

i agree. However, on a one-use system I find sudo is useful for running scripts with mixed priveledges when installing things. That may, actually, be bad, but I don't see any evidence of it yet (by this I mean installing something as a user but making some root-level changes without having to log in again and run a seperate script).

I like sudo because I can give access to certain things for users, while not giving them full root. I like having a root account because if I let my password expire and forget what it was, I still have a way to get into the machine to reset my account password (or in some of the dev servers, I actually just log in as root to do sysadmin stuff, I know, shame on me, but I didn't feel like creating myself an account). So I voted both.

Perhaps.

Though if my machine was compromised I'd be far more concerned with what they've done with my data in terms of copying it or modifying it. Not to mention some hackers go out of their way, or are not interested in root access. They can achieve their goals with the user they've managed to get access as. For example, root access is not required to put a key logger on most people's machines. Putting an appropriate script or .desktop file in the appropriate session startup directory, or even just modifying .bashrc. A huge amount of damage can be done without root access.

Also, there are other measures you can take besides passwords. For example, if you knew my password you would either need physical access to my machine and my passphrase for decrypting the drive or for remote access OpenVPN keys and certs and my private ssh key.

If you had convinced my to run a script/software that gave you a back door, yes you would only need to know one password. But, if the situation was reversed I'd only need to know your root password, not your user password. Same, same.

Also, at work, we use sudo ACLs extensively, hardly anyone has an ability to acquire a root shell. I can run a explicit small list of commands depending on the machine. When used this way sudo is far more secure, and even provides an audit of who did what or attempted to do what, when and where from.