
Sudo: Why Ubuntu does it right

Filed under
Ubuntu

One of the most famous Linux debates on the internet is over Ubuntu's security model of using sudo to administrate a machine and disabling the traditional root login via su. For many experienced Linux and unix sysadmins, such behavior is strange and foreign, and many people change sudo on Ubuntu to behave like "normal." I, on the other hand, have gradually come to believe that not only is the Ubuntu way good, it is actually better! In this post I'll attempt to explain why. You can read the long-winded official explanation of why Ubuntu uses sudo, but I'll attempt to summarize. Basically, there are two main benefits to the Ubuntu sudo model that I see:

1. Disabling the root account entirely provides an extra layer of security from remote hackers.

2. Using sudo adds an extra layer of abstraction in the security model.





re: Sudo

Yes, if you're too stupid to understand how permissions work, then I guess typing SUDO EVERYTHING is the only way to protect you from yourself.

Sudo in Ubuntu is no better (or worse) than UAC in Vista.

And disabling root, but leaving sudo enabled DOES NOTHING to increase security.

Personally, my computers work for me, and not the other way around (of course I have an IQ considerably higher than 80, so I'm not the typical user that Unoobtu targets).

re: re: Sudo

Vonskippy wrote:
And disabling root, but leaving sudo enabled DOES NOTHING to increase security.

Yes, the use of sudo has to be the biggest and most unnecessary time-waster in all of Linux.

I've been running Linux for

I've been running Linux for 10 years and never been remote hacked. That is because I don't run as root and use a strong root password. If I got into an Ubuntu box couldn't I just sudo anything I wanted?

no, you couldn't,

because the default behavior of sudo in Ubuntu is to ask the user to AUTHENTICATE. They need to know the user's password to sudo, but first they need to know the username to login at all. A remote hacker (especially a bot) would have no idea what users are on a system in the first place anyways.

However, you're right, not running as root is the same idea as using sudo. You just open up a shell with su and do your commands, then close the root shell. That is how a good sysadmin works, I'm simply arguing that using sudo is the same idea as that, taken one step further.

Sudo is less secure...

By using the USER password, Sudo is less secure. A better way would be to require a second Sudo password for each user in the sudoers list.

Also, I agree with vonskippy. It simply does nothing to increase security and is just a nuisance like UAC. I also don't like distros that attempt to protect me from myself. This is a Microsoft way of thinking and exactly why security is so lax on home computers. People need to be educated more about them so that they learn how to do it right and not rely on someone else to secure it.

Not the same as UAC

Hi, this is the author of the blog post. I can't believe my blog actually made it to tuxmachines. omg I feel special.

Anywho, to address some of the comments, I wasn't really intending to compare sudo to UAC, rather I was comparing it to the traditional su method seen in other Linux distros. However.... I cannot stress enough that sudo is NOT the same as Vista's UAC. sudo forces you to authenticate, UAC merely asks if you're really sure you want to do that. This is more secure, period. In Linux, the administrator is clearly separated from the user. I am an educated Linux user, and I do understand how permissions work, yet I still prefer to use sudo. Why? Because I am protecting myself. When I use sudo, I'm saying "this, and only this process may run as root. Here's my password to prove it's okay to do this." When I click on yet another UAC prompt, I'm saying "yes I want to run the stupid program that I JUST TOLD YOU TO RUN. OK."

Also, the protection against remote hackers is less of an issue for a regular desktop and more of an issue for a web server connected directly to the internet. For such a server, this is a very, very, important issue, since you can get bombarded by bots all the time just trying to connect in various ways, simply because the server is there. I've seen it happen.

Family Computer

If I have a family computer where 3-4 people can use it, do they all have the ability to install/remove software on it using sudo?

re:Family Computer

No, they don't all have access unless you add them to the "admin" group in Ubuntu. When you install Ubuntu, the first account (which is created during the install) is part of this admin group, and has privileges to use sudo. Who can and cannot use sudo to do various tasks can be fine-tuned in the /etc/sudoers file, but by default, only the first user can sudo.
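An added example, not part of the comment thread and not Ubuntu's own tooling: a small auditor that answers the "who can sudo on this family machine?" question by expanding `%group` rules against group membership. The sudoers text, the group table and the user names (`parent`, `kid1`, `kid2`) are constructed samples, and the parser is deliberately simplified as noted in its docstring.

```python
import re

# Constructed sample input (not from a real machine): the Ubuntu-style default
# rule for the "admin" group plus one narrower per-user rule.
SUDOERS = """\
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
kid1    ALL=(root) /usr/bin/apt-get update
"""
# Constructed group membership, in the shape /etc/group would provide.
GROUPS = {"admin": ["parent"], "users": ["parent", "kid1", "kid2"]}

RULE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\))?\s*(?P<cmds>.+)$"
)

def sudo_rights(sudoers_text, groups):
    """Map each user to the (runas, command) pairs granted to them.

    Simplified: handles plain user and %group rules only. Defaults lines,
    aliases, tags (NOPASSWD: etc.) and #include directives are skipped.
    """
    rights = {}
    for raw in sudoers_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and #include lines
        if not line or line.startswith("Defaults") or "_Alias" in line:
            continue
        m = RULE.match(line)
        if not m:
            continue
        who = m.group("who")
        # A %name entry applies to every member of that group.
        users = groups.get(who[1:], []) if who.startswith("%") else [who]
        runas = m.group("runas") or "root"  # sudo runs as root when no runas is given
        for cmd in (c.strip() for c in m.group("cmds").split(",")):
            for user in users:
                rights.setdefault(user, []).append((runas, cmd))
    return rights

def full_admins(rights):
    """Users who may run any command (the 'ALL' command spec)."""
    return sorted(u for u, rs in rights.items() if any(c == "ALL" for _, c in rs))

if __name__ == "__main__":
    print(full_admins(sudo_rights(SUDOERS, GROUPS)))
```

Accounts that do not appear in the result, such as `kid2` here, have no sudo rights at all.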

Admin group - enabled by default on Ubunt

scarter4 wrote:
No, they don't all have access unless you add them to the "admin" group in Ubuntu. When you install Ubuntu, the first account (which is created during the install) is part of this admin group, and has privileges to use sudo. Who can and cannot use sudo to do various tasks can be fine-tuned in the /etc/sudoers file, but by default, only the first user can sudo.

OK, there are flaws there. You are assuming that every user is set up as a different user but the gist of the original question, seemed to me, to imply that everyone was using the same login. What then?
I don't use Ubuntu. I have one user and root. Anyone in my family can access usr but only I can access root.
What would be the situation on a similar setup in Ubuntu?
I think Ubuntu is flawed in their admin at setup route as most Ubuntu users have migrated from Windows and don't do separate user setups. Add in auto login and you have a system open to borks by people fiddling. For this reason I'd never have Ubuntu in a school for example.
User and root is the way to go and if you do want to Sudo then at least prompt for a separate root password.
