Ubuntu – What’s wrong with using sudo

Securitysudo

In a comment here I've been told that unnecessarily using sudo should be avoided. While it wasn't needed in that particular case, I don't see any harm in using it.

I think that when executing trivial programs like cat as root using sudo, the overall risk of hitting a bug that would somehow compromise system security is very low.

So can someone please point out the possible implications, besides typing 4 more characters and a space?

Best Answer

The risk of a typo is more than the risk of a bug.

The risk of gaining a habit of "it doesn't work, stick sudo on it!" is much higher than the risk of a bug.

As a sysadmin who's seen people execute all sorts of random commands with sudo that didn't need them, I always caution against superfluous usage of sudo.

While cat isn't harmful, the habit that this encourages is.

Related Solutions

Ubuntu – What’s the difference between ‘sudo [command]’ and ‘sudo sh [command]

If the file is not marked as executable you need to call a command shell interpreter to execute it.

Examples:

sudo sh foo will open foo with sh using sudo privileges.
sudo bash foo will open foo with bash using sudo privileges.
sh foo will open foo with sh using your user's privileges.
bash foo will open foo with bash using your user's privileges.

If you mark a file as executable you just need to call it with ./foo and because it is marked as such it will be read with the defined command shell interpreter and executed without the need to define one.

ls -F will list files and mark executables with *.

To enable the execute bit on a file (and make it executable as such) use the command chmod +x foo.

In your case to make the file you are using executable you would then use the command

chmod +x VMware-Workstation-9.0.1-894247.x86_64.bundle

and then you will be able to run it with either

sudo sh ./VMware-Workstation-9.0.1-894247.x86_64.bundle or just by typing sudo ./VMware-Workstation-9.0.1-894247.x86_64.bundle.

Ubuntu – What’s exactly the point of the sudo command, in terms of security

First off, you need to understand the concept of the users in linux, with special regards to the root user. In order to keep this answer below the character limit (and on topic), I'd suggest you read this page followed by this one. Really, all you need to know is the following:

Linux is a multi-user operating system with each user having limited power and scope as defined by their user group. Every Linux system has something called the root user (UID 0, also known as the superuser), who is the total and completely authoritative administrator. root knows all, root sees all, root controls all.

The concept of sudo came from the old UNIX command su (from switch user), which allowed any user to log in to any other user on the system. Anyone with administrative privileges would type su root (or just su) to escalate to the root user for any admin task. This, regrettably, had a few problems. In systems with multiple admins, everyone shared the root password. Meaning, if an admin left the company, the root password would need to be changed and redistributed to all of the other administrators. This can be extremely time-consuming at times, and otherwise just be a great pain.

Now, enter sudo. sudo works on a different principle. Instead of requiring users to know the root account login, sudo would be used to allow users to escalate themselves into the root account (or any other account, for that matter) based on the rules of the /etc/sudoers file. Now, revoking or adding an administrator is simple -- just add or remove a user from a group or the file. Because of this, the root account can be "disabled", thereby blocking access to anyone except actual admins.

For almost all cases, this is all sudo is used for. It grants root power to administrators (members of group admin or sudo) based on the rules defined in /etc/sudoers.

(Un)intentionally, this also comes with a massive security benefit. Administrators can run in an unprivileged mode just like any other user. They can then escalate or "enable" administrative privileges when they're needed, and revoke them immediately afterwards. Usually, this is only used for a single command (e.g. sudo apt install cowsay), but it could also be a full-blown root shell.

This isolation in turn also protects the system at large (remember, *NIX was originally a multi-user environment used by many people) from malicious code executed from an admin's account, be it through malware or someone logging on to an admin's active terminal. Similarly, sudo allows every admin action to be logged and reviewed at any time. Contrast this to the old su method, where you realistically had no idea who ran what command.

Also, based on the permission model of Linux, sudo can prevent a user from making potentially dangerous mistakes like accidentally uninstalling a critical program, erasing a hard drive, or any other number of nasty things that should never be done without some confirmation.

TL;DR:

Really, sudo is just a (very useful) holdover from the true multi-user environments of old *NIX installations. However, it still retains its usefulness by protecting the system from malware or session hijacking. In typical *NIX mentality, protection of the admin's actual account is an exercise left to the admin.

If you're worried about someone sitting down at your computer while you're away and messing with your privacy, just lock your screen/session. Even so, physical access is a killer.

Best Answer

Related Solutions

Ubuntu – What’s the difference between ‘sudo [command]’ and ‘sudo sh [command]

Ubuntu – What’s exactly the point of the sudo command, in terms of security

Related Question