Sudo
As a beginner any tips on using sudo to get to grips with the command e.g. for improved security?
|
What exactly are you trying to achieve?
Just be more secure? Are you talking about your workstation or administrating servers? |
The sudo command was originally not created to be a proxy for root (despite the *buntus and their creepy sudo fetish). Rather, it was developed to give selected and limited privileges to select users who needed them to perform their duties.
Some examples:
|
Agree with post 3. Using sudo to give additional users the ability to run a specific command or a limited number of commands is useful. The Ubuntu site at the link below lists the advantages/disadvantages of using sudo. Look at the first few advantages which are pretty minor. Most of them are just for the user to put in less effort.
https://help.ubuntu.com/community/RootSudo |
And here's a comment from the anti-sudo brigade!
PCLinuxOS Personally, I suspect that it doesn't matter that much on a home computer and I've also taken the view that it's best to let distros work as their developers want them to. |
Agree with Post #3.
Also, using su as a general admin means any hacker would have to guess your user+passwd just to get in, then guess again for root passwd. OFC you don't have remote access to root - right ! ? Local security is a whole other conversation... |
Quote:
The sudo utility is nowadays usually misunderstood, misconfigured, and abused, often through intentionally wrong settings. Ubuntu got those misunderstandings established as a common practice. Since topic keeps coming up, I keep having to recommend Michael W Lucas' book, sudo Mastery, to learn the real capabilities of sudo as a tool for providing granular access. You local or regional technical college should have it on the shelf, if not they can order it for you. Either way, you can hunt down the video of his talk, "sudo: You're Doing It Wrong", to get a rather quick overview. |
FYI news: run0 is systemd's sudo replacement:
https://outpost.fosspost.org/d/19-sy...do-replacement https://www.osnews.com/story/139490/...cemen-for-sudo https://www.linuxquestions.org/quest...udo-4175736550 etc |
Quote:
Poettering starts stuff but he and his team appear to never delve deeply enough into any given task to master it. The result is a messy trail with a wake of half-baked, poorly though out, partially implemented 'replacements' littering the distro scene. Sadly those 'replacements' get pounded down our throats through internal politics in Debian and Fedora, the two stems from which the tree of distros grow. There is already a solid replacement for sudo called doas. It developed in OpenBSD, but has been ported to many distros. But we haven't heard back from the OP who last posted in this thread some weeks ago. CodeGourmet, what questions remain about sudo after having read post #3 and the other posts? |
Agree with post #3.
I asked Google Gemini it says: Quote:
Quote:
Of course, it's better to ask the user like the following questions, before granting the access. - Why you need the sudo access? - What is the command that you required? - How often do you use or access the command? Then if the user cannot justify, then you decide whether to give them sudo access or not. check this YT, might give you more ideas: https://www.youtube.com/watch?v=yy3CRLTDLQE Good luck! |
yes, it is a good overview: "sudo: You're Doing It Wrong"
Anyway, I don't think run0 is a really good replacement, it raises more questions than it answers. And I believe run0 will me misused even more (if sudo will be replaced). |
Quote:
|
i try to stay away from sudo at all cost
it dose have its place in a multi-user environment and is good for giving other users SOME root privileges but on a single user desktop -- a BIG NO having a real "root" user account is rather handy in fixing a busted update to the system |
I rather disagree with John VV, it can be a useful tool for a single user system.
It depends upon your system, the distribution, and how you have it configured. For the first 10 years of my IT career SUDO did not exist, and I did not run into it until 2002. Doing needless damage and generating complaints because of misuse of ROOT account caused some developers to restrict the root account so that you needed SUDO to complete procedures that required SU access. I am not sure that was wise, but I can see the logic. Alas, they replaced ROOT account misuse with SUDO misuse! Always consider carefully what you want to do that requires root authority, and how to provide the MINIMUM elevated access to accomplish the desired result. |
Quote:
|
All times are GMT -5. The time now is 06:51 AM. |