Nice article on why we should use sudo instead su. Actually it’s one of “must read” articles.

sudo linux

GNU/Linux distributions use the “su” model to elevate user priveledges. SU (or Substitute User) is a simple command which allows you to assume another identity on your pc. It’s most-often use is to become the root or administrative user. Both GNOME and KDE provide graphical tools which perform the same task, allowing you to install packages, change your resolution, and so on.

Sudo is a tool that supports allowing users to use their own credentials for privilege escalation. No two passwords. No root user. Furthermore, sudo already supports granularity. If Linux distributions used sudo instead of su by default, you wouldn’t have to give out the root password to anyone who needed to become an administrator on a unix box.

Here are some of the features and reasons to use sudo:

  • Least privilege: Some users need to be able to change network configs, or shutdown the pc without root. Sudo allows specific users (or groups of users) to run specific commands, and not any others.
  • Logging: Every single command used through sudo is logged. This enables you to see who did what which is great from a security point of view, and essential from a troubleshooting point of view. When used in tandem with syslog, you can log all restricted commands to a central “log host”.
  • Timestamping: Sudo uses timestamp files to implement a “ticketing” system. When a user invokes sudo and enters their password, they are granted a ticket for 5 minutes. Each subsequent sudo command updates the ticket for another 5 minutes. This avoids the problem of leaving a root shell where others can physically get to your keyboard. There is also an easy way for a user to remove their ticket file, useful for placing in a .logout file.
  • Shared Configuration: Sudo’s configuration file, the sudoers file, is setup in such a way that the same sudoers file may be used on many machines. This allows for central administration while keeping the flexibility to define a user’s privileges on a per-host basis.
  • Root Shells: Sudo avoids the “I can do anything” interactive login by default – you will be prompted for a password before major changes can happen, which should make you think about the consequences of what you are doing. If you were logged in as root, you could just delete some of those “useless folders” and not realize you were in the wrong directory until it’s too late.
  • Script Kiddies: Every cracker trying to brute-force their way into your box will know it has an account named root and will try that first. What they don’t know is what the usernames of your other users are.
  • Box Ownership: Sudo allows easy transfer for admin rights, in a short term or long term period, by added and removing users from groups, while not compromising the root account.

Read more at xtermin.us…

 

7 Comments

 

  1. Pingback : ownport.net » Blog Archive » Why use SUDO instead of SU?

  2. October 31, 2010  6:17 am by file download java script Reply

    Great points with regard to upload files for having myself personally get started. I most certainly will keep this particular website link and come back to this.

  3. January 1, 2011  12:27 am by hobo purse Reply

    Are you certain which you have the details straight? I've read a variety of articles that contradict what you said here, so I don't know what to believe.

  4. January 24, 2011  4:13 pm by ledlights nucash.nl fantastico Reply

    My brother recommended I might like this blog. He was totally right. This post actually made my day. You can not imagine simply how much time I had spent for this information! Thanks!

  5. February 17, 2011  4:43 am by Resa Reply

    i've begun to visit this blog a couple of times now and i have to tell you that i find it quite good actually. it'll be nice to read more in the future! ;)

  6. April 21, 2011  5:25 pm by john schiffner Reply

    Thank you for sharing excellent information. Your web-site is very cool. I'm impressed by the info that you have on this blog. It reveals how nicely you perceive this subject. Bookmarked this web page, will come back for more articles.

  7. January 18, 2013  12:36 pm by www churchill insurance Reply

    I recovered that representation this is useful, it aided me translate how primal this is.
    The main factor is, he illustrates what you requisite to do and when.
    This package is excellent if you have difficulty following the
    workout routines routines, you can just just watch the video.
    Each workouts is accompanied with images for all the workout routines and the right way to execute them, this is followed
    by eight ab workout routines that enhance in difficulty from levels 1-8, 8
    definitely becoming the hardest.The soundness clump
    is victimised in several of my most competitor workouts.
    The second choice, you will get video package.You faculty conceptualise
    that this package is not the same low carb diets you have just about in other books.
    However, rather than emphasizing on toning the abs,
    this book talks virtually the distance by means
    of which you can helpfulness the abs acquire strength so that the close time you read,
    this strength can refrain your body worsen metric solon effectively.
    They are everywhere, from the magazines, from the world-wide-web.
    The rest is background.If you select this package, you will get discount.
    Despite preferred belief, this is a rattling significantly proportionate meal plan.
    There's additional to find out on efficient on gaining six pack abs.The principal issue of eating plan it will give you strain in your life when you can consume this and cannot eat that, far more tension in your life it implies more calories in your body.

Leave a reply

 

Your email address will not be published.