Language Selection

English French German Italian Portuguese Spanish

Sudo: Why Ubuntu does it right

Filed under
Ubuntu

One of the most famous Linux debates on the internet is over Ubuntu's security model of using sudo to administrate a machine and disabling the traditional root login via su. For many experienced Linux and unix sysadmins, such behavior is strange and foreign, and many people change sudo on Ubuntu to behave like "normal." I, on the other hand, have gradually come to believe that not only is the Ubuntu way good, it is actually better! In this post I'll attemp to explain why. You can read the long-winded official explanation of why Ubuntu uses sudo, but I'll attempt to summarize. Basically, there are two main benefits to the Ubuntu sudo model that I see:

1. Disabling the root account entirely provides an extra layer of security from remote hackers.

2. Using sudo adds an extra layer of abstraction in the security model.

rest here




re: Sudo

Yes, if you're too stupid to understand how permissions work, then I guess typing SUDO EVERYTHING is the only way to protect you from yourself.

Sudo in Ubuntu is no better (or worse) then UAC in Vista.

And disabling root, but leaving sudo enabled DOES NOTHING to increase security.

Personally, my computers work for me, and not the other way around (of course I have a IQ considerably higher then 80, so I'm not the typical user that Unoobtu targets).

re: re: Sudo

Vonskippy wrote:
And disabling root, but leaving sudo enabled DOES NOTHING to increase security.

Yes, the use of sudo has to be the biggest and most unnecessary time-waster in all of Linux.

I've been running Linux for

I've been running Linux for 10 years and never been remote hacked. That is because I dont run as root and use a strong root password. If I got into a ubuntu box couldnt I just sudo anything I wanted?

no, you couldn't,

because the default behavior of sudo in ubuntu is to ask the use to AUTHENTICATE. They need to know the user's password to sudo, but first they need to know the username to login at all. A remote hacker (especially a bot) would have no idea what users are on a system in the first place anyways.

However, you're right, not running as root is the same idea as using sudo. You just open up a shell with su and do your commands, then close the root shell. That is how a good sysadmin works, I'm simply arguing that using sudo is the same idea as that, taken one step further.

Sudo is less secure...

By using the USER password, Sudo is less secure. A better way would be to require a second Sudo password for each user in the sudoers list.

Also, I agree with vonskippy. It simply does nothing to increase security and is just a nuscance like UAC. I also don't like distros that attempt to protect me from myself. This is a Microsoft way of thinking and exactly why security is so lax an home computers. People need to be educated more about them so that they learn how to do it right and not rely on someone else to secure it.

Not the same as UAC

Hi, this is the author of the blog post. I can't believe my blog actually made it to tuxmachines. Big Grin omg I feel special.

Anywho, to address some of the comments, I wasn't really intending to compare sudo to UAC, rather I was comparing it to the tradition su method seen in other linux distros. However.... I cannot stress enough that sudo is NOT the same as vistas UAC. sudo forces you to authenticate, UAC merely asks if you're really sure you want to do that. This is more secure, period. In Linux, the administrator is clearly separated from the user. I am an educated linux user, and I do understand how permissions work, yet I still prefer to use sudo. Why? because I am protecting myself. When I use sudo, I'm saying "this, and only this process may run as root. Here's my password to prove it's okay to do this." When I click on yet another UAC prompt, I'm saying "yes I want to run the stupid program that I JUST TOLD YOU TO RUN. OK."

Also, the protection against remote hackers is less of an issue for a regular desktop and more of an issue for a web server connected directly to the internet. For such a server, this is a very, very, important issue, since you can get bombarded by bots all the time just trying to connect in various ways, simply because the server is there. I've seen it happen.

Family Computer

If I have a family computer where 3-4 people can use it. Do they all have the ability to install/remove software on it using sudo?

re:Family Computer

No, they don't all have access unless you add them to the "admin" group in Ubuntu. When you install Ubuntu, the first account (which is created during the install) is part of this admin group, and has privileges to use sudo. Who can and cannot use sudo to do various tasks can be fine-tuned in the /etc/sudoers file, but by default, only the first user can sudo.

Admin group - enabled by default on Ubunt

scarter4 wrote:
No, they don't all have access unless you add them to the "admin" group in Ubuntu. When you install Ubuntu, the first account (which is created during the install) is part of this admin group, and has privileges to use sudo. Who can and cannot use sudo to do various tasks can be fine-tuned in the /etc/sudoers file, but by default, only the first user can sudo.

OK, there are flaws there. You are assuming that every user is set up as a different user but the gist of the original question, seemed to me, to imply that everyone was using the same login. What then?
I don't use ubuntu. I have one user and root. Anyone in my family can access usr but only I can access root.
What would be the situation on a similar setup in Ubuntu?
I think Ubuntu is flawed in their admin at setup route as most ubuntu users have migrated from Windows and don't do separate user setups. Add in auto login and you have a system open to borks by people fiddling. For this reason I'd never have Ubuntu in a school for example.
User and root is the way to go and if you do want to Sudo then at least prompt for a separate root password.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Desktop GNU/Linux/Chromebook

  • A Minimal Chrome OS Theme for Tint2
    I used to (and sort-of-still-do, I guess) run a sister site focused on Google Chrome, Chromecast and Chromebooks, i.e. the Chrome ecosystem. As such I am a fan of Chromebooks and Chrome OS, a Linux-based distribution based on Gentoo. The appearance of Chrome OS has waxed and waned in sync with Google’s ambitions and positioning for the OS, going form hyper-minimal to a full desktop clone (with the desktop-y Chrome Apps platform) through to a Material Design inspired Android + Chrome hybrid today.
  • Off-The-Shelf Hacker: Linux for Cheap Hardware, Then and Now
    Most people, don’t realize how prolific Linux has become. With the Embedded Linux Conference just a week away, I’ve been reflecting on how Linux has provided a sort of computing “circle of life” experience for me. It’s powered my computational hardware 20 years ago and continues to do so today.
  • [Video] XPS 13 Review | Linux Action Show 457
  • GParted 0.28.1
    This release of GParted restores the ability to move/resize primary partitions when an extended partition exists. The move/resize regression was introduced in version 0.28.0. This release also includes some minor bug fixes.
  • Antergos Linux : The beauty built on Arch
    Hi guys, welcome to the 16th segment of "Introduction with Linux Distro". Most of us know or heard about Arch Linux, which is one of the most widely used Linux distribution. For some reason, few users find it hard to install and use Arch. But in Linux world, there is almost always some alternative to your desired distribution. In today's segment, we will be introducing an Arch-based distribution which turned it completely on user-friendly side. So, let's get to know about Antergos Linux.

Kernel Space/Linux

Leftovers: Software

  • Picard 1.4 released
    The last time we put out a stable release was more than 2 years ago, so a lot of changes have made it into this new release. If you’re in a hurry and just want to try it out, the downloads are available from the Picard website.
  • Linux Digital Audio Workstations: Open Source Music Production
    Linux Digital Audio Workstations When most people think of music programs, they’ll usually think Mac OS or Windows. However, there are also a few Linux digital audio workstations. The support and features of these programs can vary, but they’re a good choice to setup a cheap recording studio. Some of them are even good competitors for paid programs, offering features such as multitrack recording, MIDI, and virtual instruments. Keep in mind that many audio editing programs for Linux rely on the Jack backend. You’ll need a dedicated system to install these programs on, since it doesn’t work properly in a virtual machine. In the following article, we’ll cover audio editing programs that are available for Linux. We’ll talk about the available features, as well as help you decide which program to use for your needs.
  • i2pd 2.12 released
    i2pd (I2P Daemon) is a full-featured C++ implementation of I2P client. I2P (Invisible Internet Protocol) is a universal anonymous network layer. All communications over I2P are anonymous and end-to-end encrypted, participants don't reveal their real IP addresses.
  • 4 Command-Line Graphics Tools for Linux
    For the most part, they’re wrong. Command-line image tools do much of what their GUI counterparts can, and they can do it just as well. Sometimes, especially when dealing with multiple image files or working on an older computer, command-line tools can do a better job. Let’s take a look at four command-line tools that can ably handle many of your basic (and not-so-basic) image manipulation tasks.
  • CloudStats - Best Server Monitoring Tool for Linux Servers
    CloudStats is an effective tool for Linux server monitoring and network monitoring. With CloudStats you get whole visibility into key performance criteria of your Linux Server. You can proactively track different server metrics like CPU, disk and memory usage, services, apps, processes and more. The best thing is that you don’t need to have any special technical skills – this tool for server monitoring is very easy to install and run from any device.
  • New Inkscape 0.92.1 fixes your previous works done with Inkscape
    This blog-post is about a happy-end after a previously published blog-post named New Inkscape 0.92 breaks your previous works done with Inkscape published on 20 January. A lot of reactions did happen about this previous blog-post and the news get quickly viral. That's why I thought it was nice to make another blog post to "close this case".
  • Qt 5.10 To Have Built-In Vulkan Support
    With Qt 5.8 there was experimental Direct3D 12 support that left some disappointed the toolkit didn't opt for supporting Vulkan first as a cross-platform, high-performance graphics API. Fortunately, with Qt 5.10, there will be built-in Vulkan support. Going back nearly one year there has been Vulkan work around Qt while with Qt 5.10 it's becoming a reality. However, with Qt 5.9 not even being released until the end of May, Qt 5.10 isn't going to officially debut until either the very end of 2017 or early 2018.
  • Rusty Builder
    Thanks to Georg Vienna, Builder can now manage your Rust installations using RustUp!
  • GNOME MPlayer knows how to grow your playlist size

today's howtos