LinuxQuestions.org


CodeGourmet 04-19-2024 02:41 PM

Sudo
 
As a beginner any tips on using sudo to get to grips with the command e.g. for improved security?

blunix2 04-19-2024 03:03 PM

What exactly are you trying to achieve?

Just be more secure? Are you talking about your workstation or administrating servers?

frankbell 04-19-2024 09:11 PM

The sudo command was originally not created to be a proxy for root (despite the *buntus and their creepy sudo fetish). Rather, it was developed to give selected and limited privileges to select users who needed them to perform their duties.

Some examples:
  • Web administrators who might need to restart apache but have no need to update a system or add or remove users.
  • Someone in a personnel department who needs to add new users, but is not authorized to install and remove software.
  • IT personnel who might need to log in under other users' credentials to troubleshoot a problem, but don't need root privileges.
You might find this article on the history of sudo helpful.
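
[Added example, not part of the original post: a sudoers drop-in that expresses the three roles listed in post #3 as separate, limited rules. The file name, group names, user names, the wrapper script, the command paths and the apache2 unit name are all assumptions made for illustration.]

```sudoers
# Hypothetical drop-in: /etc/sudoers.d/50-roles (edit with: visudo -f <file>).
# Groups webadmins, personnel, helpdesk and users alice, bob are constructed.
# Paths and the unit name apache2 are assumptions (Debian-style layout).

# Exact argument lists: only these two invocations match, so members
# cannot stop other units or pass extra options to systemctl.
Cmnd_Alias APACHE_CTL = /usr/bin/systemctl restart apache2, \
                        /usr/bin/systemctl reload apache2

# Hypothetical site wrapper that validates the requested login name and
# calls useradd with fixed groups and UID range. A bare /usr/sbin/useradd
# rule would accept any option the caller supplies.
Cmnd_Alias ADD_STAFF = /usr/local/sbin/add-staff-user

# Accounts the helpdesk may act as; root is deliberately not listed.
Runas_Alias STAFF = alice, bob

# Web administrators: restart apache, nothing else.
%webadmins  ALL = (root) APACHE_CTL

# Personnel: create accounts through the wrapper; no package management.
%personnel  ALL = (root) ADD_STAFF

# IT: run commands as the listed users to reproduce a problem, never as root.
%helpdesk   ALL = (STAFF) ALL
```

Check the file with visudo -cf before installing it, and confirm what a given account ends up with using sudo -l -U followed by the user name.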

yancek 04-20-2024 07:55 AM

Agree with post 3. Using sudo to give additional users the ability to run a specific command or a limited number of commands is useful. The Ubuntu site at the link below lists the advantages/disadvantages of using sudo. Look at the first few advantages which are pretty minor. Most of them are just for the user to put in less effort.

https://help.ubuntu.com/community/RootSudo

DavidMcCann 04-20-2024 10:55 AM

And here's a comment from the anti-sudo brigade!
PCLinuxOS
Personally, I suspect that it doesn't matter that much on a home computer and I've also taken the view that it's best to let distros work as their developers want them to.

chrism01 04-22-2024 11:41 PM

Agree with Post #3.

Also, using su as a general admin means any hacker would have to guess your user+passwd just to get in, then guess again for root passwd.
OFC you don't have remote access to root - right ! ?

Local security is a whole other conversation...

Turbocapitalist 04-23-2024 12:23 AM

Quote:

Originally Posted by CodeGourmet (Post 6497180)
As a beginner any tips on using sudo to get to grips with the command e.g. for improved security?

I'd also second post #3.

The sudo utility is nowadays usually misunderstood, misconfigured, and abused, often through intentionally wrong settings. Ubuntu got those misunderstandings established as a common practice.

Since the topic keeps coming up, I keep having to recommend Michael W Lucas' book, sudo Mastery, to learn the real capabilities of sudo as a tool for providing granular access. Your local or regional technical college should have it on the shelf; if not, they can order it for you. Either way, you can hunt down the video of his talk, "sudo: You're Doing It Wrong", to get a rather quick overview.

___ 04-30-2024 01:19 AM

FYI news: run0 is systemd's sudo replacement:
https://outpost.fosspost.org/d/19-sy...do-replacement
https://www.osnews.com/story/139490/...cemen-for-sudo
https://www.linuxquestions.org/quest...udo-4175736550
etc

Turbocapitalist 04-30-2024 02:31 AM

Quote:

Originally Posted by ___ (Post 6498979)
FYI news: run0 is systemd's sudo replacement:

I thought you were joking, but Bobby Borisov over at Linuxiac has an article about systemd's run0, albeit one oozing with sarcasm.

Poettering starts stuff but he and his team appear to never delve deeply enough into any given task to master it. The result is a messy trail with a wake of half-baked, poorly thought out, partially implemented 'replacements' littering the distro scene. Sadly those 'replacements' get pounded down our throats through internal politics in Debian and Fedora, the two stems from which the tree of distros grows.

There is already a solid replacement for sudo called doas. It was developed in OpenBSD, but has been ported to many distros.

But we haven't heard back from the OP who last posted in this thread some weeks ago. CodeGourmet, what questions remain about sudo after having read post #3 and the other posts?

JJJCR 04-30-2024 02:32 AM

Agree with post #3.

I asked Google Gemini; it says:
Quote:

Sudo stands for "superuser do". In the world of Linux and related operating systems, it's a command that lets you run programs with the privileges of another user, typically the administrator account known as "root".
Quote:

As a beginner any tips on using sudo to get to grips with the command e.g. for improved security?
Depends on your environment; if it's a company setting, give sudo access to what the user needs.
Of course, it's better to ask the user questions like the following before granting the access.

- Why do you need the sudo access?
- What is the command that you require?
- How often do you use or access the command?

Then if the user cannot justify it, you decide whether to give them sudo access or not.

Check this YT, it might give you more ideas: https://www.youtube.com/watch?v=yy3CRLTDLQE

Good luck!

pan64 04-30-2024 03:37 AM

Yes, it is a good overview: "sudo: You're Doing It Wrong"
Anyway, I don't think run0 is a really good replacement; it raises more questions than it answers. And I believe run0 will be misused even more (if sudo will be replaced).

hazel 04-30-2024 05:40 AM

Quote:

Originally Posted by Turbocapitalist (Post 6498985)
I thought you were joking, but Bobby Borisov over at Linuxiac has an article about systemd's run0, albeit one oozing with sarcasm.

But that's just polkit with knobs on. In polkit, you already have a daemon which performs privileged actions for you after an agent has authenticated you. And I've noticed that polkit config files use the same Windows-like syntax as systemd files. All these things come out of the same stable.

John VV 05-01-2024 10:30 PM

I try to stay away from sudo at all costs

it does have its place in a multi-user environment and is good for giving other users SOME root privileges

but on a single user desktop -- a BIG NO

having a real "root" user account is rather handy in fixing a busted update to the system

wpeckham 05-02-2024 12:20 AM

I rather disagree with John VV, it can be a useful tool for a single user system.

It depends upon your system, the distribution, and how you have it configured.

For the first 10 years of my IT career SUDO did not exist, and I did not run into it until 2002.

Doing needless damage and generating complaints because of misuse of ROOT account caused some developers to restrict the root account so that you needed SUDO to complete procedures that required SU access. I am not sure that was wise, but I can see the logic. Alas, they replaced ROOT account misuse with SUDO misuse!

Always consider carefully what you want to do that requires root authority, and how to provide the MINIMUM elevated access to accomplish the desired result.

pan64 05-02-2024 01:59 AM

Quote:

Originally Posted by wpeckham (Post 6499409)
I rather disagree with John VV, it can be a useful tool for a single user system.

It depends upon your system, the distribution, and how you have it configured.

For the first 10 years of my IT career SUDO did not exist, and I did not run into it until 2002.

Doing needless damage and generating complaints because of misuse of ROOT account caused some developers to restrict the root account so that you needed SUDO to complete procedures that required SU access. I am not sure that was wise, but I can see the logic. Alas, they replaced ROOT account misuse with SUDO misuse!

Always consider carefully what you want to do that requires root authority, and how to provide the MINIMUM elevated access to accomplish the desired result.

I developed a sudo-like tool (around 1997/98); it had a nice additional feature, a time limit. It was used to run something as another user, not as root.

