I use sudo su because running su with no options also gets you an interactive session without having to type anything but letters and a space
Both of these are for when you want a session as root which is nearly never necessary, but sometimes it’s more convenient that a set of commands preceded by sudo
I figured out that it just drops you into a root ahell, which is a bad thing.
You should try to never login as root. It’s just bad security hygiene.
I run sudo apt update, put in my password, thenonce my repos are updated, I run sudo apt upgrade. Password only has to be input once, unless I get busy and forget to do the upgrade command, in which case I haven’t left a root shell unattended for however long it took me to realize that I left the shell open.
That way if someone else comes along and tries to do stuff, they only have the limited privilege level that my user does.
Maybe I’m a bit ignorant, but would it make much of a difference? Whether I authenticate with my own account to get root permissions or directly with root, I still have a string of characters which I use to get root priveleges on my machine. For a single (physical) user machine, that allows me to use a separate password for root. Should be better than using the same one twice, right?
If root has a password, it’s only one password; everyone who has root access knows the password, which means that anyone can share it with no accountability. If privilege escalation rights are granted instead, it’s easy to see who did what, as well as to contain any kind of compromise (by revoking said rights).
Also, I think you originally referred to su but sudo allows much more granular control.
So, we are clearly talking about different environments here. Of course I would not have a password for root in an enterprize setting where you have a lot of different people managing one machine. But for your regular desktop computer with one user, it just complicates things needlessly without providing any benefits.
Your home network is certainly less of a security risk due to both being a smaller target and (usually) needing to have fewer services available or ports open, so I would agree with you it’s acceptable for security to be more lax. Personally, I don’t find sudo to be less convenient than su; it’s even saved me from thoughtlessly running a dangerous command a time or two. Also, I try to keep my home network setup close to my work network until doing so gets in the way. If nothing else, this prevents me from getting used to a different way of doing things.
However, it’s your network. If you find that your way works better for you, by all means, configure your system in whatever way seems best to you!
I want to know more. Looking past running full desktop sessions as root and inputting stupid commands when sudo su, what’s the problem with having a terminal window open and escalated to root?
There’s some time limit before having to re input it.
Inputting a password multiple times into sudo has downsides too. Larger window for attackers to do something like: add a directory to your path, which has a fake sudo in it, and capture your password.
If I ever need to switch to the root user, I usually type su, but I saw someone use sudo su - in a video, which I thought was pretty strange but maybe the video creator knew something I didn’t, or it wasn’t possible to simply su a few years ago.
Fun fact. There HAS been a sploit based on the brief moment you’ve elevated to root before backing down to another account. This should be avoided, and those using it need ridicule for social correction. It’s like people who say ‘emails’ or ‘the ask’: just remind them how dumb they are and maybe they’ll stop.
I tend to to be working in obscure micro distros inside of docker or servers that should have been retired around the time of the dinosaurs so I am probably alone in this, just saying it can happen.
Why would you sudo su? That defeats the purpose of sudo.
I use
sudo su'cause I can type it quicker than sudo -iWhy use the - i?
I just sudo [command].
-i asks for an interactive session
I use
sudo subecause running su with no options also gets you an interactive session without having to type anything but letters and a spaceBoth of these are for when you want a session as root which is nearly never necessary, but sometimes it’s more convenient that a set of commands preceded by
sudoI figured out that it just drops you into a root ahell, which is a bad thing.
You should try to never login as root. It’s just bad security hygiene.
I run sudo apt update, put in my password, thenonce my repos are updated, I run sudo apt upgrade. Password only has to be input once, unless I get busy and forget to do the upgrade command, in which case I haven’t left a root shell unattended for however long it took me to realize that I left the shell open.
That way if someone else comes along and tries to do stuff, they only have the limited privilege level that my user does.
It even gets worse - I keep screen sessions open with one screen running root
Security and convenience balance, and if something has compromised my sudoer account they have root anyway
You get tired of playing Simon Says when you’re doing a lot of admin stuff at once.
Well then still
sudo -swould suffice, no?Have you heard of
su?Yes I have, also it’s in the original image. I was strictly talking about sudo usage
Having a password for root is Ill advised.
Maybe I’m a bit ignorant, but would it make much of a difference? Whether I authenticate with my own account to get root permissions or directly with root, I still have a string of characters which I use to get root priveleges on my machine. For a single (physical) user machine, that allows me to use a separate password for root. Should be better than using the same one twice, right?
If root has a password, it’s only one password; everyone who has root access knows the password, which means that anyone can share it with no accountability. If privilege escalation rights are granted instead, it’s easy to see who did what, as well as to contain any kind of compromise (by revoking said rights).
Also, I think you originally referred to
subutsudoallows much more granular control.So, we are clearly talking about different environments here. Of course I would not have a password for root in an enterprize setting where you have a lot of different people managing one machine. But for your regular desktop computer with one user, it just complicates things needlessly without providing any benefits.
Your home network is certainly less of a security risk due to both being a smaller target and (usually) needing to have fewer services available or ports open, so I would agree with you it’s acceptable for security to be more lax. Personally, I don’t find
sudoto be less convenient thansu; it’s even saved me from thoughtlessly running a dangerous command a time or two. Also, I try to keep my home network setup close to my work network until doing so gets in the way. If nothing else, this prevents me from getting used to a different way of doing things.However, it’s your network. If you find that your way works better for you, by all means, configure your system in whatever way seems best to you!
If you do multiple admin commands, sudo doesn’t prompt for your password. There’s some time limit before having to re input it.
Logging in as root is bad security hygiene. You’ll become complacent and leave it logged in at some point. That’s how you get pwnd.
I want to know more. Looking past running full desktop sessions as root and inputting stupid commands when sudo su, what’s the problem with having a terminal window open and escalated to root?
Inputting a password multiple times into sudo has downsides too. Larger window for attackers to do something like: add a directory to your path, which has a fake sudo in it, and capture your password.
Depends how it’s configured
If I ever need to switch to the root user, I usually type
su, but I saw someone usesudo su -in a video, which I thought was pretty strange but maybe the video creator knew something I didn’t, or it wasn’t possible to simplysua few years ago.Fun fact. There HAS been a sploit based on the brief moment you’ve elevated to root before backing down to another account. This should be avoided, and those using it need ridicule for social correction. It’s like people who say ‘emails’ or ‘the ask’: just remind them how dumb they are and maybe they’ll stop.
I don’t know if I’m the only one who ran into this but sometimes sudo just doesn’t work and you have too.
I’ve been using Debian for the better part of 20 years, and sudo has never not worked.
I’ve used Debian for like half a year and this happened to me once, and to my buddy once as well.
Had to su
But why would someone use sudo to invoke su is out of my understanding.
I tend to to be working in obscure micro distros inside of docker or servers that should have been retired around the time of the dinosaurs so I am probably alone in this, just saying it can happen.