Results 1 to 14 of 14
-
2019-02-18, 01:12 PM (ISO 8601)
- Join Date
- Jul 2011
How does "sudo" even slightly resemble a vaguely good idea?
I've never understood the point of passwords on Linux, considering you can execute any command or view any file anyway just by typing "sudo" first.
EDIT: Apparently, sudo doesn't actually do that; it seems it still requires permission, just a different permission.Last edited by enderlord99; 2019-02-18 at 01:23 PM.
I use braces (also known as "curly brackets") to indicate sarcasm. If there are none present, I probably believe what I am saying; should it turn out to be inaccurate trivia, please tell me rather than trying to play along with an apparent joke I don't know I'm making.
-
2019-02-18, 01:18 PM (ISO 8601)
- Join Date
- Jun 2013
- Location
- Bristol, UK
Re: How does "sudo" even slightly resemble a vaguely good idea?
I agree. I don't claim to understand Linux.
The end of what Son? The story? There is no end. There's just the point where the storytellers stop talking.
-
2019-02-18, 01:32 PM (ISO 8601)
- Join Date
- Mar 2011
- Gender
Re: How does "sudo" even slightly resemble a vaguely good idea?
as far as I know
sudo = "DO as SUperuser"
"'member when windows did the whole "Run this .exe as and Administrator" ?
same thing, really.
-
2019-02-18, 02:08 PM (ISO 8601)
- Join Date
- Mar 2007
Re: How does "sudo" even slightly resemble a vaguely good idea?
Except that Linux insists on getting your password and comparing the user to the list of people allowed to "run as root". It is more like the Windows "click here if you really mean it" (to make sure the user wants to do the thing that requires admin access, and not some virus).
There is a lot of mythology of fear of logging in as root in the Linux/Unix world, almost all of which only makes sense on servers and is absolute nonsense when working on a desktop. On the desktop the root/user "scariness" should be reversed: it is trivial to replace files belonging to root, but if you don't have backups of user files, you are absolutely screwed. User files represent the work done on the workstation, while root files can be downloaded from many places and reinstalled if necessary.
Linux is actually quite effective on the desktop: and it isn't only Windows users who refuse to believe it, there's also those "security axioms" that assume that a Linux/Unix machine simply *has* to be seen as a server and that user time is unimportant.
-
2019-02-18, 03:38 PM (ISO 8601)
- Join Date
- Feb 2007
- Location
- Manchester, UK
- Gender
Re: How does "sudo" even slightly resemble a vaguely good idea?
You mean UAC. Yeah, SUDO in modern versions of Linux is pretty much like that, and just to reiterate, it only works if you have admin rights yourself or if you know the password of an account with those rights--you can't use it to gain rights that you otherwise wouldn't possess.
-
2019-02-18, 03:57 PM (ISO 8601)
- Join Date
- Mar 2005
- Location
- 61.2° N, 149.9° W
- Gender
Re: How does "sudo" even slightly resemble a vaguely good idea?
One of the points of sudo is that you don't have to log in as root to perform a one-off admin task. So the admin walking away from their computer for 5 minutes is relatively safe/safer in an untrusted environment.
Ideally, since any executable should default to running with the current user privileges, it should also restrict malicious code execution.
-
2019-02-18, 05:06 PM (ISO 8601)
- Join Date
- Apr 2008
- Location
- Germany
- Gender
Re: How does "sudo" even slightly resemble a vaguely good idea?
As people have pointed out, there is a lot of logic behind "sudo", and it's not unique to Linux. Windows still has "run as admin" (at least my win 10 does, at times)
The most basic is, if you have non admin users on Linux, you prevent them from effing with important bits. Which is important, because sometimes users are dumb.
For less experienced people it is useful to be reminded when they do something that will affect their OS, because many people don't consider "oops, I need to reinstal my OS now" a minor inconvenience, depending on how bad the damage is.
-
2019-02-23, 03:29 AM (ISO 8601)
- Join Date
- Jul 2004
- Location
- Freiburg, germany
- Gender
Re: How does "sudo" even slightly resemble a vaguely good idea?
The "you can do everything if you preface it with sudo" comes from Ubuntu, and has largely stayed there, too. Dunno how Fedora and OpenSuse handles it, but on my Arch install sudo isn't even in the default packages installed. Ubuntu went that way to be easier to new users and windows migrants.
If you know your use cases you can configure it quite finely, too, down to parameters of specific programs, ie "Bob can only search for and install programs, not remove them", for what it's worth. This is quite important on servers, as maybe you want the devops guy to be able to restart the webserver, but not stop it, for example.
Personally, on my desktop I've allowed my user package management (install, update, remove, and only from official repositories, not locally downloaded ones), since 99% of the time that's what I want to do on the system as root. Everything else is either a) running in userspace anyways (mounting FUSE filesystems like USB or CIFS/Windows shares, network management) or b) needs to be segregated to ensure my PCs health (local packages, adding repositories, reconfiguring locale, systemtime, mounting and especially unmounting local media etc.).
On a single user PC this might seem a little overkill, but once you've got your SO/Kids/Cat using the computer this'll sort out a lot of problems.
Now if only windows had something comparable, then their UAC might actually be a real security measure, but their core architecture won't allow this for now. Once they get rid of all their legacy cruft, which they're slowly but surely working on that might be a possibility. One can dream :)
-
2019-02-23, 05:05 AM (ISO 8601)
- Join Date
- Jul 2010
Re: How does "sudo" even slightly resemble a vaguely good idea?
Huh?
This is objectively false. I'm not going to claim that you're intentionally lying, but your statement is at least an accidental lie.
I was using sudo on Red Hat and Slackware back in the 90s, long before Ubuntu existed.
Edit: the simplest Google search (history of sudo) yields an article about its creation. Apparently it originated in BSD, not Linux. In 1980 or so.
https://www.sudo.ws/history.htmlLast edited by gomipile; 2019-02-23 at 05:12 AM.
-
2019-02-23, 05:53 AM (ISO 8601)
- Join Date
- Jul 2004
- Location
- Freiburg, germany
- Gender
Re: How does "sudo" even slightly resemble a vaguely good idea?
I have worded that badly, sorry. What I meant was:
The current usage for sudo (being preinstalled and letting the user do anything with it out of the box) originates with Ubuntu.
The tool itself is of course much older, but not withCode:all ALL=(ALL) ALL
Code:%webmasters LOCALHOST=/usr/bin/apache restart
-
2019-02-23, 05:58 AM (ISO 8601)
- Join Date
- Sep 2016
Re: How does "sudo" even slightly resemble a vaguely good idea?
I don't think the claim is about the existence but the culture (although it is a bit ).
Ubuntu definitely made the conscious decision to not encourage an independent 'root user' so that doing the activities via sudo became very strongly the default. Of course it was helped by the fact that it had become a de-facto default way of doing it (and I'm sure it wasn't the first).
It was already true "You can do everything if preface it with Sudo" (if set up), Ubuntu made it so you Had to preface it with Sudo.
Part of it was also making it clear that using Sudo allowed you/it to do anything was to make sure you knew not to do it
_____________
Regardless in any case you don't just prefix it with sudo, you then have to sign in (needing your password)
It was easy to set a guest account so he couldn't sudo a root operation as himself (needing your password), in fact I think it was default for additional logins?
That said there are some things I don't like, android style permissions have a lot to be said (except that they then get abused), and as said above really it's my documents that I want protecting from myself. So I think there is room for a better structure.
X-post, putting the boundary slightly back from my guess at the middle, (My Debian installs have had sudo, but that was post Ubuntu and I selected the Ubuntu style options, it either has "root password no sudo" or "no root password and sudo")Last edited by jayem; 2019-02-23 at 06:14 AM.
-
2019-02-23, 06:29 AM (ISO 8601)
- Join Date
- Jul 2010
-
2019-02-23, 06:33 AM (ISO 8601)
- Join Date
- Jul 2004
- Location
- Freiburg, germany
- Gender
-
2019-02-27, 07:21 PM (ISO 8601)
- Join Date
- Dec 2010
- Location
- The Great White North
- Gender
Re: How does "sudo" even slightly resemble a vaguely good idea?
Linux is based on UNIX which was a multiple-user OS. To prevent users from accidentally or intentionally damaging other people's files, permissions and passwords were built into the OS.
Originally, to do admin work one would have to login as root. But in shops with multiple admins and multiple machines, regularly changing passwords became a logistic nightmare. So they invented su (switch user) and sudo (switch user do once) to get around this problem. With these two commands, admins could use their own passwords to do admin work.How do you keep a fool busy? Turn upside down for answer.
˙ɹǝʍsuɐ ɹoɟ uʍop ǝpısdn uɹnʇ ¿ʎsnq ןooɟ ɐ dǝǝʞ noʎ op ʍoɥ