Do you sudo?

[drokmed]

How much do you rely on sudo?

[Soul Singin']

.

[Lavene]

I don't use sudo generally because I have root access to all our machines. I have however set up sudo on our printerserver so that my SO can shut it down, and *only* shut it down of course (With no interest and no knowledge it doesn't make sense to have her log in as root).

[edbarx]

Sudo?! What's that for?

I don't sudo if that does not prove absolutely necessary. The only motivation to use sudo that I might ever have, is to avoid typing the root password. In my opinion, that is not a justifiable reason to have a normal user accessing root privileges.

Irresponsible use of sudo may render one's system like swiss cheese.


This is Debian running sudo unnecessarily.

[dbbolton]

The only time I've used it was to start mpd and use my config, since su will use the root's.

[debil]

I've allowed reboot and halt commands to be executed without asking for password by normal user. "sudo halt" bound to WinKey+Pause is just too handy to live without.

[julian67]

My user account is set up to use sudo but only for /usr/sbin/pm-suspend & /usr/sbin/pm-hibernate because I use Xfce 4.4 which doesn't have anything like Gnome or KDE's power managers. My wireless keyboard has a Sleep button so this is mapped to 'sudo /usr/sbin/pm-suspend'.

Aside from that I don't have a use for it. I can see it offers a lot of fine grained control over user privileges on systems with multiple users but imo it's best avoided or used as little as possible on single user (i.e. user+root) set ups. I have used Ubuntu in the past and frankly sudo Ubuntu-style is a concession to people migrating from Windows who have to be persuaded to even use a password. It's no more convenient than su but has disadvantages; some applications and scripts really do require the user to be root, and the 5 or 10 minutes of elevated privilege status after using sudo is a genuine nightmare because it isn't obvious or apparent and a simple mistake that would be inconsequential as user can be a serious when done with root privilege. It looks like an especially bad idea on systems administered remotely or those which allow any kind of remote or public access (web, ftp, webcontrol interfaces etc). I noticed that while Ubuntu desktop always uses sudo the Ubuntu server CD installer offers a non-sudo option. I assume the naive and the insane choose sudo.

Also setting up sudo is non-obvious and it's very easy to make horrendous errors, leaving the system completely insecure. I much prefer that root and users are clearly and unmistakably separated and impossible to confuse.

If I were wanting to target GNU/Linux desktops in the way that people target naive/unlucky Windows users my aim would be focussed 100% on Ubuntu simply because the way they use sudo could have been designed to make social engineering more rewarding than ever

I believe OS X also uses sudo in a similar way to Ubuntu and for similar reasons.

[drokmed]

I've allowed reboot and halt commands to be executed without asking for password by normal user. "sudo halt" bound to WinKey+Pause is just too handy to live without.

I can see that. Beats the hell out of just reaching behind the PC, and yanking out the power cord

[drokmed]

Just for yuks, I posted the same poll in the Ubuntu forums:

http://ubuntuforums.org/showthread.php?t=1173728

This should be interesting...

[drokmed]

Holy crap, within seconds, it was moved to their non-discussion forum...

[julian67]

Holy crap, within seconds, it was moved to their non-discussion forum...

If you discuss sudo vs su at ubuntuforums your thread will get canned pretty fast. If you offer to show anyone how to enable the root account on Ubuntu you will get banned

sudo is ubuntuforum's very own sacrament. Blasphemy and heresy quickly lead to excommunication by the high priests of hypocrisy & stupidity.

[Absent Minded]

I do all the administration here and there is no need for sudo. I view it as a security risk and do not recomend it to anyone.

[Soul Singin']

If you discuss sudo vs su at ubuntuforums your thread will get canned pretty fast. If you offer to show anyone how to enable the root account on Ubuntu you will get banned

Yeah, because if you make a mistake while messing with sudo on an Ubuntu system, you might never be able to run a command as root ever again.
.

[edbarx]

Just for yuks, I posted the same poll in the Ubuntu forums:

http://ubuntuforums.org/showthread.php?t=1173728

This should be interesting...

Burn drokmed at the stake!

[edbarx]

If you discuss sudo vs su at ubuntuforums your thread will get canned pretty fast. If you offer to show anyone how to enable the root account on Ubuntu you will get banned

Yeah, because if you make a mistake while messing with sudo on an Ubuntu system, you might never be able to run a command as root ever again.
.

What can be done, can be undone. Grab a Live Linux CD and modify the root control files by hand. This is Linux, there are no secrets whatsoever!

[Tadeas]

Code: Select all

sudo systemsettings

for kdm configuration in KDE 4 as there is still the bug that there is no button to get root privileges - and running systemsettings as a root (after su) fails because root cannot run graphical applications and I'm too lazy to search how to allow it.
However I've recently found that there are other ways than sudo, so I use it just from habit...

[edbarx]

@ Tadeas

If you run KDE you can run any application as root as follows:

kde menu ---> Run Command

This dialog opens


Type the name of the application's executable, indicate that you want to run as root and type the root password for root.

[Tadeas]

Edbarx: I'm afraid there are not all these options in KDE 4. Yes, it works like this in KDE 3, but not here yet. The RUN dialog should improve a lot i 4.3...

[Soul Singin']

in KDE 4 ... there is still the bug that there is no button to get root privileges - and running systemsettings as a root (after su) fails because root cannot run graphical applications and I'm too lazy to search how to allow it.

That sucks. Try sux.
.

[dowoshek]

I have disabled root account and always use sudo with timestamp_timeout=0 in settings. I think it's even better than using su, because sometimes it's easy to forget that we are still using root account via su