Nix Geek

That is the question.

Well, not to most people. I have some views on sudo that I think are unusual. I like to pretend that I am ‘anti-sudo’, because I’ve been around since before sudo, and when you wanted to do something as root, you became root, dammit.

In reality, I think sudo has three very important purposes, and I use it for the first two almost every day.

1) Run one command with elevated privileges.

Sudo is a handy tool for when you are on a desktop or other environment where you do not need to be root most of the time, or shouldn’t be root most of the time, because Ganesha only knows what you might download. It is far quicker to run ‘sudo vi /etc/hosts’ than it is to run ‘su -‘ to become root and then edit the hosts file and log back out. To me this is a tool of convenience.

2) Become root for an extended session without knowing the root password.

When you do what I do, you spend a lot of time being root. There is no way you can do your job running every command as a series of sudo’s, and you need access to everything constantly. In these cases, you have three choices: Log in as root, use su to become root, or use sudo to either run bash or become root.

If it’s my box, who cares? But if it anyone else’s, I don’t want to know the root password, and I shouldn’t have it. If you need to remove my access, you want to just disable my account, and not worry about changing root passwords. Logging in as root requires the root password, as does ‘su root’ or ‘su -‘. On the other hand, ‘sudo su -‘ requires my password, not root’s (unless of course I have password-less sudo, which is awesome).

But guess what? All this goes out the window when I become root and change the root password.

Aye, there’s the rub.

This is where my views start to sound a little like a cranky old sysadmin. When it comes to running things as root, sudo is not, never has been, and never will be a security tool. Nor is it a tool that keeps you safe from damaging your system.

I see it all the time in articles and forums: Don’t run this as root! Use sudo! You can do damage as root! Well, duh, you can do damage with sudo, too. Any mistake you can make as root, you can make with sudo. It’s just the difference between ‘chmod 100 /bin’ and ‘sudo chmod 100 /bin’. Those 4 extra letters will not save you or protect you. If you type your idiotic command as your user and get ‘permission denied’, you just have to type it again with sudo, and then it screws up your system, anyway, dutifully and with glee. sudo, like the honey badger, doesn’t give a shit.

The only thing that protects you from mistakes with root privileges is your own knowledge and caution. Reading what you typed before hitting enter. ‘cwd’ before running anything recursive. Whatever it is. sudo will not protect you from making mistakes. It will only make you type more to make them.

And the only thing that protects you from other users running things that can do damage is not giving them access to those things in the first place. If you think someone might mess something up if they had the root login, what do you think they might accomplish with sudo?

Which brings us to point three, where sudo does actually shine:

3) Allow a user to run specific commands with root privileges, while disallowing those privileges to anything else.

Oh, do I love this. With a carefully conifgured sudoers file, you can give permission so granularly, it tastes like sugar. “Can we have access to restart Apache?” Sure! Here you go, sudo access to restart, stop, and start Apache. Have fun! Bounce your service all day long! Every time you think your website is slow, restart! I don’t care! All you can do with this is make your site run like crap while you keep making it unavailable for no reason.

But what you can’t do is edit the configs and break the whole thing. Have fun flipping that switch over and over. Knock yourself out.

Grumpy old sysadmin, my ass.