Language Selection

English French German Italian Portuguese Spanish

Sudo: Why Ubuntu does it right

Filed under
Ubuntu

One of the most famous Linux debates on the internet is over Ubuntu's security model of using sudo to administrate a machine and disabling the traditional root login via su. For many experienced Linux and unix sysadmins, such behavior is strange and foreign, and many people change sudo on Ubuntu to behave like "normal." I, on the other hand, have gradually come to believe that not only is the Ubuntu way good, it is actually better! In this post I'll attemp to explain why. You can read the long-winded official explanation of why Ubuntu uses sudo, but I'll attempt to summarize. Basically, there are two main benefits to the Ubuntu sudo model that I see:

1. Disabling the root account entirely provides an extra layer of security from remote hackers.

2. Using sudo adds an extra layer of abstraction in the security model.

rest here




re: Sudo

Yes, if you're too stupid to understand how permissions work, then I guess typing SUDO EVERYTHING is the only way to protect you from yourself.

Sudo in Ubuntu is no better (or worse) then UAC in Vista.

And disabling root, but leaving sudo enabled DOES NOTHING to increase security.

Personally, my computers work for me, and not the other way around (of course I have a IQ considerably higher then 80, so I'm not the typical user that Unoobtu targets).

re: re: Sudo

Vonskippy wrote:
And disabling root, but leaving sudo enabled DOES NOTHING to increase security.

Yes, the use of sudo has to be the biggest and most unnecessary time-waster in all of Linux.

I've been running Linux for

I've been running Linux for 10 years and never been remote hacked. That is because I dont run as root and use a strong root password. If I got into a ubuntu box couldnt I just sudo anything I wanted?

no, you couldn't,

because the default behavior of sudo in ubuntu is to ask the use to AUTHENTICATE. They need to know the user's password to sudo, but first they need to know the username to login at all. A remote hacker (especially a bot) would have no idea what users are on a system in the first place anyways.

However, you're right, not running as root is the same idea as using sudo. You just open up a shell with su and do your commands, then close the root shell. That is how a good sysadmin works, I'm simply arguing that using sudo is the same idea as that, taken one step further.

Sudo is less secure...

By using the USER password, Sudo is less secure. A better way would be to require a second Sudo password for each user in the sudoers list.

Also, I agree with vonskippy. It simply does nothing to increase security and is just a nuscance like UAC. I also don't like distros that attempt to protect me from myself. This is a Microsoft way of thinking and exactly why security is so lax an home computers. People need to be educated more about them so that they learn how to do it right and not rely on someone else to secure it.

Not the same as UAC

Hi, this is the author of the blog post. I can't believe my blog actually made it to tuxmachines. Big Grin omg I feel special.

Anywho, to address some of the comments, I wasn't really intending to compare sudo to UAC, rather I was comparing it to the tradition su method seen in other linux distros. However.... I cannot stress enough that sudo is NOT the same as vistas UAC. sudo forces you to authenticate, UAC merely asks if you're really sure you want to do that. This is more secure, period. In Linux, the administrator is clearly separated from the user. I am an educated linux user, and I do understand how permissions work, yet I still prefer to use sudo. Why? because I am protecting myself. When I use sudo, I'm saying "this, and only this process may run as root. Here's my password to prove it's okay to do this." When I click on yet another UAC prompt, I'm saying "yes I want to run the stupid program that I JUST TOLD YOU TO RUN. OK."

Also, the protection against remote hackers is less of an issue for a regular desktop and more of an issue for a web server connected directly to the internet. For such a server, this is a very, very, important issue, since you can get bombarded by bots all the time just trying to connect in various ways, simply because the server is there. I've seen it happen.

Family Computer

If I have a family computer where 3-4 people can use it. Do they all have the ability to install/remove software on it using sudo?

re:Family Computer

No, they don't all have access unless you add them to the "admin" group in Ubuntu. When you install Ubuntu, the first account (which is created during the install) is part of this admin group, and has privileges to use sudo. Who can and cannot use sudo to do various tasks can be fine-tuned in the /etc/sudoers file, but by default, only the first user can sudo.

Admin group - enabled by default on Ubunt

scarter4 wrote:
No, they don't all have access unless you add them to the "admin" group in Ubuntu. When you install Ubuntu, the first account (which is created during the install) is part of this admin group, and has privileges to use sudo. Who can and cannot use sudo to do various tasks can be fine-tuned in the /etc/sudoers file, but by default, only the first user can sudo.

OK, there are flaws there. You are assuming that every user is set up as a different user but the gist of the original question, seemed to me, to imply that everyone was using the same login. What then?
I don't use ubuntu. I have one user and root. Anyone in my family can access usr but only I can access root.
What would be the situation on a similar setup in Ubuntu?
I think Ubuntu is flawed in their admin at setup route as most ubuntu users have migrated from Windows and don't do separate user setups. Add in auto login and you have a system open to borks by people fiddling. For this reason I'd never have Ubuntu in a school for example.
User and root is the way to go and if you do want to Sudo then at least prompt for a separate root password.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Red Hat Financial News

Leftovers: OSS and Sharing

  • What does it mean to change company culture?
    Tools are specific concrete things that a culture has decided is a way to improve a process. Buckminster Fuller has a great quote about tools and thinking: "If you want to teach people a new way of thinking, don't bother trying to teach them. Instead, give them a tool, the use of which will lead to new ways of thinking." In particular, DevOps tools can provide folks new ways to look at things—like delivering code into a production environment, for example. But there's lots of examples where a new tool doesn't influence the thinking of the people who use it, so things don't change.
  • Why Open Beats Closed
  • Google Improves Image Recognition; Releases Project as Open Source Software
    Google says its algorithm can correctly caption a photograph with nearly 94 percent accuracy. The company says the improvements come in the third version of its system named Inception, with the score coming from a standardized auto-caption test named ImageNet. It reports the first version scored 89.6 percent, the second 91.8 percent and the new one 93.9 percent.
  • Contributing to Open Source Projects Not Just For the Experts
    XDA has long been a proponent of open source development, and we’ve seen it flourish over the years. In fact, it’s one of the main reasons our community has grown as fast as it has over these past 13 years, with Android’s core being the driving force. Many people desire to be part of open source and contribute but often don’t know how they can, whether because they think they lack the skills or they just don’t have the time.
  • Firefox Reader Mode is Finally Getting a Keyboard Shortcut
    Among the changes which arrived in the September release of Firefox 49 were an enhanced set of Reader Mode features, including spoken narration and line-width spacing options. All very welcome. But the improvements aren’t stopping there. Firefox 50, which is due next month, will add another sorely needed feature: a keyboard shortcut for Reader Mode. Y
  • Introduction to OpenStack by Rich Bowen
    In this talk, Rich, the OpenStack Community Liaison at Red Hat, will walk you through what OpenStack is, as a project, as a Foundation, and as a community of organizations.
  • How Microsoft Measures Open Source Success [Ed: Wim Coekaerts got a bigger salary offer from Microsoft than from Oracle so now he’s propagandist/EEE in chief]
  • Public licenses and data: So what to do instead?
    Why you still need a (permissive) license Norms aren’t enough if the underlying legal system might allow an early contributor to later wield the law as a threat. That’s why the best practice in the data space is to use something like the Creative Commons public domain grant (CC-Zero) to set a clear, reliable, permissive baseline, and then use norms to add flexible requirements on top of that. This uses law to provide reliability and predictability, and then uses norms to address concerns about fairness, free-riding, and effectiveness. CC-Zero still isn’t perfect; most notably it has to try to be both a grant and a license to deal with different international rules around grants.
  • NIST Releases New 'Family' of Standardized Genomes
    With the addition of four new reference materials (RMs) to a growing collection of “measuring sticks” for gene sequencing, the National Institute of Standards and Technology (NIST) can now provide laboratories with even more capability to accurately “map” DNA for genetic testing, medical diagnoses and future customized drug therapies. The new tools feature sequenced genes from individuals in two genetically diverse groups, Asians and Ashkenazic Jews; a father-mother-child trio set from Ashkenazic Jews; and four microbes commonly used in research. NIST issued the world’s first genome reference material (NIST RM 8398)—detailing the genetic makeup for a woman with European ancestry—in May 2015. Together, all five RMs serve as a collection of well-characterized, whole genome standards that can tell a laboratory how well its DNA sequencing processes are working by measuring the performance of the equipment, chemistry and data analysis involved.
  • ANSI Seeks Organizations Interested in Serving as U.S. TAG Administrator for ISO Technical Committee on Blockchain and Electronic Distributed Ledger
  • Industrial IoT leaders work towards interoperability and open source collaboration

LLVM News

  • Pairing LLVM JIT With PostgreSQL Can Speed Up Database Performance
    Using the LLVM JIT with PostgreSQL can vastly speed up the query execution performance and shows off much potential but it hasn't been mainlined yet. Dmitry Melnik presented at this month's LLVM Cauldron over speeding up the query execution performance of PostgreSQL by using LLVM. Particularly with complex queries, the CPU becomes the bottleneck for PostgreSQL rather than the disk. LLVM JIT is used for just-in-time compilation of queries.
  • LLVM Cauldron 2016 Videos, Slides Published
    The inaugural LLVM Cauldron conference happened earlier this month ahead of the GNU Tools Cauldron in Hebden Bridge, UK. All of the slides and videos from this latest LLVM conference are now available.

A quick introduction to Audacity for teachers

School's back in session, and kids love the creative arts. One of my favorite open source creative tools is Audacity, the open source audio recorder and editor. Students love manipulating digital sound with Audacity: making podcasts, learning languages, recording interviews, and recording and mixing music. I use it to record podcasts for students to provide instructions about classroom procedures and tests. Foreign language students use Audacity to record and play back their lessons. Students can download music and other types of audio tracks for sharing and re-use from Creative Commons and Wikimedia, and dub their own voices onto music tracks, the sounds of birds chirping, whales and dolphins in their natural habitats, and more. Read more