Results 1 to 8 of 8
Enjoy an ad free experience by logging in. Not a member yet? Register.
Is Using Sudo Like Using a Safety Net?
I just learned how to include my name in the sudoers list and have been enjoying using sudo for commands that require root.
My question is, what is the advantage if I use sudo in commands that are suppose to be executed as root. If I make a mistake using the sudo option in execution of commands and screw-up my environment. Will I be able to undo the mistake since the command was not executed as real root (su -)? Or "roll it back" so to speak?
Thank you for any clarifications!
No, you can't rollback sudo commands.
Sudo has a couple of advantages. One, it keeps a history log. Not so useful for the average desktop user, but nice for sys admins. Two, you run with only the command you want with elevated priviliges. (You can do this with su -c 'command' as well rather than loggin in as root.) Three, you can limit a user or group of users to specific tasks and commands. So rather than give the keys to whole computer away with the root password, you can define that this group of users has access to networking commands, but can't install software, or this user can install software, but can't write to the root filesystem or whatnot.
The other argument for using sudo and disabling the root account altogether, is that the bad guys know that all systems have an account named root, so they don't have to find out the username, and focus on cracking the password. If you have no root account, finding the username is one more obstacle to overcome. I don't know how much difference this really makes.
11-09-2009 #3The other argument for using sudo and disabling the root account altogether, is that the bad guys know that all systems have an account named root, so they don't have to find out the username, and focus on cracking the password. If you have no root account, finding the username is one more obstacle to overcome. I don't know how much difference this really makes
If they crack the admin account, they would already own the system whether or not they re-enabled root, wouldn't they?
Also, why would it be harder to crack the root account than the admin user account?
I could see an argument that sudo could be dangerous, since most systems are set up to not allow root to login remotely. So if you've cracked the admin user account, you could have free reign via remote connection, more easily than if you had to crack root.
I don't really know. Detailed security issues are beyond my scope of knowledge.
11-09-2009 #6If you cracked an admin account then yes you already own the system. If you went on to unlock the root account, you could easily lock out the admins from the system, remove them as admins, create your own users accounts that can access the system remotely etc.
To me the advantages are four fold:
- Commands are logged
- There can be multiple system admins without handing out the root password
- You can grant partial root access, i.e. for a specific command
- You are discouraged from just running a shell as root, i.e. you only prefix your root commands with sudo, not ls, cd etc
daark.child, I have to agree with reed9 on this one, if you crack a user in the sudo/wheel/admin group you already have the equivalent of root. Cracking one of these users is the same as cracking root, no need to unlock root. On the same note if they got root all they'd need to do is change the password.