New OOTS products from CafePress
New OOTS t-shirts, ornaments, mugs, bags, and more
Results 1 to 14 of 14
  1. - Top - End - #1
    Ettin in the Playground
     
    enderlord99's Avatar

    Join Date
    Jul 2011

    Default How does "sudo" even slightly resemble a vaguely good idea?

    I've never understood the point of passwords on Linux, considering you can execute any command or view any file anyway just by typing "sudo" first.

    EDIT: Apparently, sudo doesn't actually do that; it seems it still requires permission, just a different permission.
    Last edited by enderlord99; 2019-02-18 at 01:23 PM.
    Spoiler: Vanity quotes
    Show
    Quote Originally Posted by Strigon View Post
    Wow.
    That took a very sudden turn for the dark.

    I salute you.
    Quote Originally Posted by AuthorGirl View Post
    I wish it was possible to upvote here.

    I use braces (also known as "curly brackets") to indicate sarcasm. If there are none present, I probably believe what I am saying; should it turn out to be inaccurate trivia, please tell me rather than trying to play along with an apparent joke I don't know I'm making.

  2. - Top - End - #2
    Ettin in the Playground
     
    Griffon

    Join Date
    Jun 2013
    Location
    Bristol, UK

    Default Re: How does "sudo" even slightly resemble a vaguely good idea?

    I agree. I don't claim to understand Linux.
    The end of what Son? The story? There is no end. There's just the point where the storytellers stop talking.

  3. - Top - End - #3
    Dwarf in the Playground
     
    FireJustice's Avatar

    Join Date
    Mar 2011
    Gender
    Male

    Default Re: How does "sudo" even slightly resemble a vaguely good idea?

    as far as I know
    sudo = "DO as SUperuser"

    "'member when windows did the whole "Run this .exe as and Administrator" ?
    same thing, really.

  4. - Top - End - #4
    Bugbear in the Playground
    Join Date
    Mar 2007

    Default Re: How does "sudo" even slightly resemble a vaguely good idea?

    Quote Originally Posted by FireJustice View Post
    as far as I know
    sudo = "DO as SUperuser"

    "'member when windows did the whole "Run this .exe as and Administrator" ?
    same thing, really.
    Except that Linux insists on getting your password and comparing the user to the list of people allowed to "run as root". It is more like the Windows "click here if you really mean it" (to make sure the user wants to do the thing that requires admin access, and not some virus).

    There is a lot of mythology of fear of logging in as root in the Linux/Unix world, almost all of which only makes sense on servers and is absolute nonsense when working on a desktop. On the desktop the root/user "scariness" should be reversed: it is trivial to replace files belonging to root, but if you don't have backups of user files, you are absolutely screwed. User files represent the work done on the workstation, while root files can be downloaded from many places and reinstalled if necessary.

    Linux is actually quite effective on the desktop: and it isn't only Windows users who refuse to believe it, there's also those "security axioms" that assume that a Linux/Unix machine simply *has* to be seen as a server and that user time is unimportant.

  5. - Top - End - #5
    Colossus in the Playground
     
    BlackDragon

    Join Date
    Feb 2007
    Location
    Manchester, UK
    Gender
    Male

    Default Re: How does "sudo" even slightly resemble a vaguely good idea?

    Quote Originally Posted by wumpus View Post
    Except that Linux insists on getting your password and comparing the user to the list of people allowed to "run as root". It is more like the Windows "click here if you really mean it" (to make sure the user wants to do the thing that requires admin access, and not some virus).
    You mean UAC. Yeah, SUDO in modern versions of Linux is pretty much like that, and just to reiterate, it only works if you have admin rights yourself or if you know the password of an account with those rights--you can't use it to gain rights that you otherwise wouldn't possess.

  6. - Top - End - #6
    Ettin in the Playground
     
    Telok's Avatar

    Join Date
    Mar 2005
    Location
    61.2° N, 149.9° W
    Gender
    Male

    Default Re: How does "sudo" even slightly resemble a vaguely good idea?

    One of the points of sudo is that you don't have to log in as root to perform a one-off admin task. So the admin walking away from their computer for 5 minutes is relatively safe/safer in an untrusted environment.

    Ideally, since any executable should default to running with the current user privileges, it should also restrict malicious code execution.

  7. - Top - End - #7
    Titan in the Playground
     
    Kato's Avatar

    Join Date
    Apr 2008
    Location
    Germany
    Gender
    Male

    Default Re: How does "sudo" even slightly resemble a vaguely good idea?

    As people have pointed out, there is a lot of logic behind "sudo", and it's not unique to Linux. Windows still has "run as admin" (at least my win 10 does, at times)

    The most basic is, if you have non admin users on Linux, you prevent them from effing with important bits. Which is important, because sometimes users are dumb.
    For less experienced people it is useful to be reminded when they do something that will affect their OS, because many people don't consider "oops, I need to reinstal my OS now" a minor inconvenience, depending on how bad the damage is.
    "What's done is done."

    Pony Avatar thanks to Elemental

  8. - Top - End - #8
    Bugbear in the Playground
     
    Whoracle's Avatar

    Join Date
    Jul 2004
    Location
    Freiburg, germany
    Gender
    Male

    Default Re: How does "sudo" even slightly resemble a vaguely good idea?

    The "you can do everything if you preface it with sudo" comes from Ubuntu, and has largely stayed there, too. Dunno how Fedora and OpenSuse handles it, but on my Arch install sudo isn't even in the default packages installed. Ubuntu went that way to be easier to new users and windows migrants.

    If you know your use cases you can configure it quite finely, too, down to parameters of specific programs, ie "Bob can only search for and install programs, not remove them", for what it's worth. This is quite important on servers, as maybe you want the devops guy to be able to restart the webserver, but not stop it, for example.

    Personally, on my desktop I've allowed my user package management (install, update, remove, and only from official repositories, not locally downloaded ones), since 99% of the time that's what I want to do on the system as root. Everything else is either a) running in userspace anyways (mounting FUSE filesystems like USB or CIFS/Windows shares, network management) or b) needs to be segregated to ensure my PCs health (local packages, adding repositories, reconfiguring locale, systemtime, mounting and especially unmounting local media etc.).

    On a single user PC this might seem a little overkill, but once you've got your SO/Kids/Cat using the computer this'll sort out a lot of problems.

    Now if only windows had something comparable, then their UAC might actually be a real security measure, but their core architecture won't allow this for now. Once they get rid of all their legacy cruft, which they're slowly but surely working on that might be a possibility. One can dream :)

  9. - Top - End - #9
    Ogre in the Playground
     
    gomipile's Avatar

    Join Date
    Jul 2010

    Default Re: How does "sudo" even slightly resemble a vaguely good idea?

    Quote Originally Posted by Whoracle View Post
    The "you can do everything if you preface it with sudo" comes from Ubuntu, and has largely stayed there, too.
    Huh?

    This is objectively false. I'm not going to claim that you're intentionally lying, but your statement is at least an accidental lie.

    I was using sudo on Red Hat and Slackware back in the 90s, long before Ubuntu existed.

    Edit: the simplest Google search (history of sudo) yields an article about its creation. Apparently it originated in BSD, not Linux. In 1980 or so.

    https://www.sudo.ws/history.html
    Last edited by gomipile; 2019-02-23 at 05:12 AM.

  10. - Top - End - #10
    Bugbear in the Playground
     
    Whoracle's Avatar

    Join Date
    Jul 2004
    Location
    Freiburg, germany
    Gender
    Male

    Default Re: How does "sudo" even slightly resemble a vaguely good idea?

    Quote Originally Posted by gomipile View Post
    Huh?

    This is objectively false. I'm not going to claim that you're intentionally lying, but your statement is at least an accidental lie.

    I was using sudo on Red Hat and Slackware back in the 90s, long before Ubuntu existed.

    Edit: the simplest Google search (history of sudo) yields an article about its creation. Apparently it originated in BSD, not Linux. In 1980 or so.

    https://www.sudo.ws/history.html
    I have worded that badly, sorry. What I meant was:
    The current usage for sudo (being preinstalled and letting the user do anything with it out of the box) originates with Ubuntu.

    The tool itself is of course much older, but not with
    Code:
    all ALL=(ALL) ALL
    , but for example with
    Code:
    %webmasters LOCALHOST=/usr/bin/apache restart
    or something like that.

  11. - Top - End - #11
    Barbarian in the Playground
     
    PaladinGuy

    Join Date
    Sep 2016

    Default Re: How does "sudo" even slightly resemble a vaguely good idea?

    Quote Originally Posted by gomipile View Post
    Huh?

    This is objectively false. I'm not going to claim that you're intentionally lying, but your statement is at least an accidental lie.

    I was using sudo on Red Hat and Slackware back in the 90s, long before Ubuntu existed.

    Edit: the simplest Google search (history of sudo) yields an article about its creation. Apparently it originated in BSD, not Linux. In 1980 or so.

    https://www.sudo.ws/history.html
    I don't think the claim is about the existence but the culture (although it is a bit ).
    Ubuntu definitely made the conscious decision to not encourage an independent 'root user' so that doing the activities via sudo became very strongly the default. Of course it was helped by the fact that it had become a de-facto default way of doing it (and I'm sure it wasn't the first).

    It was already true "You can do everything if preface it with Sudo" (if set up), Ubuntu made it so you Had to preface it with Sudo.
    Part of it was also making it clear that using Sudo allowed you/it to do anything was to make sure you knew not to do it

    _____________
    Regardless in any case you don't just prefix it with sudo, you then have to sign in (needing your password)
    It was easy to set a guest account so he couldn't sudo a root operation as himself (needing your password), in fact I think it was default for additional logins?

    That said there are some things I don't like, android style permissions have a lot to be said (except that they then get abused), and as said above really it's my documents that I want protecting from myself. So I think there is room for a better structure.

    X-post, putting the boundary slightly back from my guess at the middle, (My Debian installs have had sudo, but that was post Ubuntu and I selected the Ubuntu style options, it either has "root password no sudo" or "no root password and sudo")
    Last edited by jayem; 2019-02-23 at 06:14 AM.

  12. - Top - End - #12
    Ogre in the Playground
     
    gomipile's Avatar

    Join Date
    Jul 2010

    Default Re: How does "sudo" even slightly resemble a vaguely good idea?

    Quote Originally Posted by Whoracle View Post
    I have worded that badly, sorry. What I meant was:
    The current usage for sudo (being preinstalled and letting the user do anything with it out of the box) originates with Ubuntu.

    The tool itself is of course much older, but not with
    Code:
    all ALL=(ALL) ALL
    , but for example with
    Code:
    %webmasters LOCALHOST=/usr/bin/apache restart
    or something like that.
    Ah. Fair enough. I didn't realize that's what you meant. I'm used to using sudo in what I guess is the old fashioned way.
    Quote Originally Posted by Harnel View Post
    where is the atropal? and does it have a listed LA?

  13. - Top - End - #13
    Bugbear in the Playground
     
    Whoracle's Avatar

    Join Date
    Jul 2004
    Location
    Freiburg, germany
    Gender
    Male

    Default Re: How does "sudo" even slightly resemble a vaguely good idea?

    Quote Originally Posted by gomipile View Post
    Ah. Fair enough. I didn't realize that's what you meant. I'm used to using sudo in what I guess is the old fashioned way.
    No problem, like I said I could've worded that way better :)

  14. - Top - End - #14
    Bugbear in the Playground
     
    shawnhcorey's Avatar

    Join Date
    Dec 2010
    Location
    The Great White North
    Gender
    Male

    Default Re: How does "sudo" even slightly resemble a vaguely good idea?

    Quote Originally Posted by enderlord99 View Post
    I've never understood the point of passwords on Linux, considering you can execute any command or view any file anyway just by typing "sudo" first.

    EDIT: Apparently, sudo doesn't actually do that; it seems it still requires permission, just a different permission.
    Linux is based on UNIX which was a multiple-user OS. To prevent users from accidentally or intentionally damaging other people's files, permissions and passwords were built into the OS.

    Originally, to do admin work one would have to login as root. But in shops with multiple admins and multiple machines, regularly changing passwords became a logistic nightmare. So they invented su (switch user) and sudo (switch user do once) to get around this problem. With these two commands, admins could use their own passwords to do admin work.
    How do you keep a fool busy? Turn upside down for answer.
    ˙ɹǝʍsuɐ ɹoɟ uʍop ǝpısdn uɹnʇ ¿ʎsnq ןooɟ ɐ dǝǝʞ noʎ op ʍoɥ

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •