Chris's Wiki :: blog/sysadmin/SudoVsSuForMe Commentshttps://utcc.utoronto.ca/~cks/space/blog/sysadmin/SudoVsSuForMe?atomcommentsDWiki2014-06-09T04:36:55ZRecent comments in Chris's Wiki :: blog/sysadmin/SudoVsSuForMe.By Chris Siebenmann on /blog/sysadmin/SudoVsSuForMetag:CSpace:blog/sysadmin/SudoVsSuForMe:dafde54abea676b62b5e60fb1578af1d2326c868Chris Siebenmann<div class="wikitext"><p>I don't believe that RBAC would meet my needs in practice for reasons
that I decided to write up in <a href="https://utcc.utoronto.ca/~cks/space/blog/unix/FundamentalSuProblem">The fundamental problem that created
<code>su</code></a>. The shortest version is that I
generally don't want to have any powers in my account's default state
(or to have only very limited, very safe powers).</p>
</div>2014-06-09T04:36:55ZBy implicate_order on /blog/sysadmin/SudoVsSuForMetag:CSpace:blog/sysadmin/SudoVsSuForMe:a252212cf65f865ab994bd1a99b2a985bfc66778implicate_orderhttp://www.realsysadmin.com<div class="wikitext"><p>Another viable alternative to sudo and su is the use of RBAC. Agreed it is somewhat cumbersome, but it "CAN" resolve some of the permission/privilege issues that we encounter with the su vs sudo paradigm.</p>
<p>Of course the underlying OS needs to address the RBAC functionality (for e.g.: Solaris does an excellent job with RBAC). My biggest hurdle with implementing RBAC was trying to convince my sysadmin brethren into adopting it over sudo or su (or shudder, in some cases direct login as root).</p>
</div>2014-06-07T21:18:40ZBy dozzie on /blog/sysadmin/SudoVsSuForMetag:CSpace:blog/sysadmin/SudoVsSuForMe:219857f8a1961a4ea6add79616a0e804e6151e82dozzie<div class="wikitext"><p>@David Magda:</p>
<blockquote><p>As for SSHing in as root directly: I'm not a fan.</p>
</blockquote>
<p>I'll add a small argument against <code>ssh root@...</code>: shell environment in
a multi-admin team. With <code>sudo</code> there is <em>$SUDO_USER</em> variable. Shell can set
different options (e.g. prompt) depending on who is using the root privileges.</p>
<p>Moreover, most of the people out there use bash, while I use zsh. I keep zsh
when I use <code>sudo</code>, so there's even more to gain than mere prompt.</p>
</div>2014-05-22T22:30:23ZBy David Magda on /blog/sysadmin/SudoVsSuForMetag:CSpace:blog/sysadmin/SudoVsSuForMe:f25502b981f9911d8d16535733d818f67560fd98David Magdahttp://www.magda.ca/<div class="wikitext"><p>I think the determining factor on whether <code>sudo</code> or <code>su</code> makes the most sense is who is logging into servers:</p>
<ul><li>If there is only one (smallish) team that runs things, and has root anyway, then <code>sudo</code> doesn't get you much.</li>
<li>However, if you have different teams and/or groups that have different responsibilities, you'll probably be setting up <code>sudo</code> for them anyway, so you might as well leverage it for the sysadmin team just to be consistent.</li>
</ul>
<p>As for SSHing in as root directly: I'm not a fan. Personally I think systems should at the very least force root logins to use SSH keys ("<code>PermitRootLogin without-password</code>" in sshd-config(5)), especially for the more sensitive systems like your central (LDAP, NIS) auth hosts and firewalls.</p>
<p>I don't think auditing buys you much, but in many fields it's legal (CYA) requirement.</p>
</div>2014-05-15T21:36:37ZBy Ewen McNeill on /blog/sysadmin/SudoVsSuForMetag:CSpace:blog/sysadmin/SudoVsSuForMe:761f9ac26fed7baa1d795302090038c46867e742Ewen McNeill<div class="wikitext"><p>I've basically switched to sudo over the last 5 years (having used it off and on for a bunch of years prior to that) without really intending to switch. I'm by no means convinced it's a perfect solution (and the config file format/parsing is abysmal), but with the way I work (consulting sysadmin, Linux/BSD-derived) it's pretty universally available to me (and, eg, root password often isn't; for a client they can fairly easily revoke sudo permissions after the project is over but changing the root password may be more non-trivial). Even on my own systems it's rare that I'll either log in as root directly or use su directly these days (in part because several Linux distros, OS X, etc, don't even enable the root account by default). At this point I've basically trained my fingers to type "sudo ..." when I want it to be run as root (as you do /bin/su).</p>
<p>I too have a disposable usage pattern (and will also close windows, just to open another one right in its place). With common sudo configurations (ie, rights tied to tty), it's possible to make the could-be-root access go away just by closing the terminal window (or ssh session). And I find I do that fairly routinely when I'm done with that bit of "being root". As well as using a second/third window which I'm not doing sudo in, to be "regular user".</p>
<p>No idea if it makes sense for you to work on changing. But if you do, I'd suggest you consider it a multi-year transition. Starting with making sudo universally available (ie, install it on all systems), and using it as a "better setuid" for more things.</p>
<p>Ewen</p>
</div>2014-05-15T09:09:11Z