MakuluLinux

Now Offering XFCE, KDE, E17 & MATE

Forums

Post Reply
Forum Home > General Discussion > SUDO or SU? Please don't laugh! ;)

digitaldefector
Member
Posts: 20

I've been using GNU/Linux for quite sometime. I remember before Ubuntu came to life that when installing software, anything that required adminstration access, is to run "su" in terminal. Then Ubuntu came along and it became the norm to use "sudo". Since I have two passwords, one for user, and one for root, I'm not sure if it is recommended to use "sudo"? Because of this confusion I've been using "su". Does it even matter?

April 18, 2014 at 8:30 PM Flag Quote & Reply

GoodGuy98
Member
Posts: 71

If you prefer to use sudo like Ubuntu, run the visudo command in a terminal. The sudo will require your user password at this point.


sudo visudo


Add a new entry after the existing Defaults entries.


Defaults        rootpw


Press Ctrl+O to write the update and Ctrl+X to exit.


It will require the Root password from this point on.


Hope this helps

April 18, 2014 at 9:48 PM Flag Quote & Reply

digitaldefector
Member
Posts: 20

Thanks that helps. su has been working so far, and now that I'm aware of my options, I think I'll stick with su. 

--

"really caring about what you do is way more important then having mental vision of this golden future that you want to reach" Linus Torvalds

April 18, 2014 at 10:37 PM Flag Quote & Reply

GoodGuy98
Member
Posts: 71

su is considered dangerous because every command you run has root privileges. The sudo method means you must intentionally allow root privilege for each command rather than default to it. If you have a long list of commands to run as root, use su in a case like that. It takes some work to get Ubuntu to allow a su command iirc.

April 19, 2014 at 1:31 AM Flag Quote & Reply

joyboy
Member
Posts: 27

I too, am accustomed to using su to gain root privileges.  The odd thing here is when I launch Synaptic or the mint update, typing my root password doesn't work, so I have to use my regular user password which seems totally backwards to me, and I don't know how to change that.

May 16, 2014 at 5:53 PM Flag Quote & Reply

joyboy
Member
Posts: 27

Would using the above instructions to digitaldefe accomplish what I'm used to?  Also, I've never heard that using su is dangerous, but just the opposite, as invoking it implies intention to use root privileges, and seems more convenient to me than using sudo each time, IMHO :)

May 16, 2014 at 6:01 PM Flag Quote & Reply

c00ter
Administrator
Posts: 294

Basically, when you invoke su, you run as root. That's living dangerously, unless you really have the need. Sudo gives you some of root's priveleges, but not all.

--

"I've given up eating healthy food.  At my age, I need all the preservatives I can get." ;)

----------------------------------
MakuluLinux FAQ: http://www.makululinux.com/apps/faq/
Debian Help: http://www.debianhelp.org/
 

May 16, 2014 at 7:39 PM Flag Quote & Reply

joyboy
Member
Posts: 27

Not to criticize, but to present the view garnered from the pclos forum regarding the use of sudo vs su, I copy/paste the following:

In The Manner Of The Buntus = ITMOTB, sudo is a major security risk, so pclos doesn't support the use of it except for the proper use of sudo as a limiting resource, when root privileges are needed for a specific repeatable purpose, such as when needed for the proper functioning of an application, within a script, or when a specific user on a multi user system is assigned limited administrative duties, but is not allowed access to the root password or full root privileges. This is the purpose for which sudo was intended.  Sudo, when used ITMOTB, gives blanket, unlimited root privileges to a normal user, who can then literally run as root using his own normal user's password; there being no specific root password set, effectively the normal user's password becomes the root password, thereby removing an entire layer of Linux system security.

May 18, 2014 at 4:33 PM Flag Quote & Reply

killbubble
Member
Posts: 28

Effectively i too recall the root user being deactivated on ubuntu or something like that. Anyway i always prefer to check it is enabled by changing the root password on every system i install immediatly and then i use sudo everywhere it isn't strictly necessary to use su.

Sudo is safer than su as it allows temporary logging to superuser powers and keeps logs.

From ubuntu's help pages:


"

Misconceptions:

1)Isn't sudo less secure than su?

The basic security model is the same, and therefore these two systems share their primary weaknesses. Any user who uses su or sudo must be considered to be a privileged user. If that user's account is compromised by an attacker, the attacker can also gain root privileges the next time the user does so. The user account is the weak link in this chain, and so must be protected with the same care as Root.

On a more esoteric level, sudo provides some features which encourage different work habits, which can positively impact the security of the system. sudo is commonly used to execute only a single command, while su is generally used to open a shell and execute multiple commands. The sudo approach reduces the likelihood of a root shell being left open indefinitely, and encourages the user to minimize their use of root privileges.

"


I'd just rather not keep su shells open on my pc, never know who might use them....but that's just my way of dealing with the su/sudo problem.

--

---------------


Be free, be GNU!

May 19, 2014 at 2:00 PM Flag Quote & Reply

raymerjacque
Site Owner
Posts: 474

Sudo is definitely safer to use than SU, as stated Sudo allows a single root command to be given where as SU allows any number of commands while shell is open...


It is all about habbits tho, I have observed people that use SU tend to always use SU even after you warn them, I have always prefered to use Sudo myself, too much on my computer i wouldnt want just some stranger have access too ...


But both Ubuntu and Mint should NOT be on the recommended list if security is a priority for you, so many applications that get given auto root privilages .... Clear sign that they do not prioritise Security at all ...


Looking at a ton of Distributions, how many do you know that opens even simple things like the installer without asking root password ?  or is set to auto login ? or update manager runs without asking root password ? ( PLENTY of them ) these are all security risks, as the installer clones the current system to your drive, therefore if a hacker gains access to the system even in live mode, the installer would clone anything changed on the system onto your drive. I have had a few mails asking why installer needs a password ? or why update manager requires a password, also seen people not happy about it in reviews, but I would rather take a minute to type my password in and know the system is secure than worry about potential security holes ...

--

The new Makululinux Xfce has its moods, but once you tame her she will treat you nice...

Please Take a minute and take part in the MakuluLinux Survey by clicking here.

May 19, 2014 at 2:32 PM Flag Quote & Reply

killbubble
Member
Posts: 28

as right as i think you are, i recall that when i made the switch to linux for the first time i hated having to access synaptic with a password. Today i understand the sicurity risks, but as a new linux user i always thought i would rather have some sort of popup (like in microsoft windows) rather than a password...this is probably why new users hate sudo so much. This is probably why most of them keep active su-logged shell on their pcs, so they can quickly do stuff without a password.

Perhaps a workaround could be having synaptic auto-start at login with the superuser priviledges? this would help some new linux users get over the whole password issue...

--

---------------


Be free, be GNU!

May 19, 2014 at 4:07 PM Flag Quote & Reply

You must login to post.

Donate To Makulu

  • Donations 25 donations

Google Translator

Facebook

Twitter Follow Button