Welcome to Linux Screw! If you're new here, you may want to subscribe our RSS feed.
Nice article on why we should use sudo instead su. Actually it’s one of “must read” articles.
GNU/Linux distributions use the “su” model to elevate user priveledges. SU (or Substitute User) is a simple command which allows you to assume another identity on your pc. It’s most-often use is to become the root or administrative user. Both GNOME and KDE provide graphical tools which perform the same task, allowing you to install packages, change your resolution, and so on.
Sudo is a tool that supports allowing users to use their own credentials for privilege escalation. No two passwords. No root user. Furthermore, sudo already supports granularity. If Linux distributions used sudo instead of su by default, you wouldn’t have to give out the root password to anyone who needed to become an administrator on a unix box.
Here are some of the features and reasons to use sudo:
- Least privilege: Some users need to be able to change network configs, or shutdown the pc without root. Sudo allows specific users (or groups of users) to run specific commands, and not any others.
- Logging: Every single command used through sudo is logged. This enables you to see who did what which is great from a security point of view, and essential from a troubleshooting point of view. When used in tandem with syslog, you can log all restricted commands to a central “log host”.
- Timestamping: Sudo uses timestamp files to implement a “ticketing” system. When a user invokes sudo and enters their password, they are granted a ticket for 5 minutes. Each subsequent sudo command updates the ticket for another 5 minutes. This avoids the problem of leaving a root shell where others can physically get to your keyboard. There is also an easy way for a user to remove their ticket file, useful for placing in a .logout file.
- Shared Configuration: Sudo’s configuration file, the sudoers file, is setup in such a way that the same sudoers file may be used on many machines. This allows for central administration while keeping the flexibility to define a user’s privileges on a per-host basis.
- Root Shells: Sudo avoids the “I can do anything” interactive login by default – you will be prompted for a password before major changes can happen, which should make you think about the consequences of what you are doing. If you were logged in as root, you could just delete some of those “useless folders” and not realize you were in the wrong directory until it’s too late.
- Script Kiddies: Every cracker trying to brute-force their way into your box will know it has an account named root and will try that first. What they don’t know is what the usernames of your other users are.
- Box Ownership: Sudo allows easy transfer for admin rights, in a short term or long term period, by added and removing users from groups, while not compromising the root account.
Read more at xtermin.us…
Great points with regard to upload files for having myself personally get started. I most certainly will keep this particular website link and come back to this.
Are you certain which you have the details straight? I’ve read a variety of articles that contradict what you said here, so I don’t know what to believe.
My brother recommended I might like this blog. He was totally right. This post actually made my day. You can not imagine simply how much time I had spent for this information! Thanks!
i’ve begun to visit this blog a couple of times now and i have to tell you that i find it quite good actually. it’ll be nice to read more in the future!
Thank you for sharing excellent information. Your web-site is very cool. I’m impressed by the info that you have on this blog. It reveals how nicely you perceive this subject. Bookmarked this web page, will come back for more articles.