DaemonForums  

Go Back   DaemonForums > Miscellaneous > General software and network

General software and network General OS-independent software and network questions, X11, MTA, routing, etc.

View Poll Results: Do you su or sudo?
su only: nothing can improve on a classic! 7 25.00%
sudo only: it's su on steriods! 7 25.00%
I use both! 13 46.43%
I only use the root account! 1 3.57%
Voters: 28. You may not vote on this poll

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 18th July 2011
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,834
Thanked 190 Times in 160 Posts
Default Do you su or sudo?

It has been awhile since we have had a site-wide poll!

All members of the BSD family have su(1). Some members make sudo available in their base installations, while others make it available as a package. Which is your preference & why?

As a bonus, for those running sudo(8), do you customize the default policy in any way?
Reply With Quote
  #2   (View Single Post)  
Old 18th July 2011
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,834
Thanked 190 Times in 160 Posts
Default

I use both, but I only use su(1) to switch users in the administration of PostgreSQL. Otherwise, I use sudo(8) approximately 95% of the time.

As for sudo(8) customizations:
  • Uncomment giving root access to the wheel group, but passwords still need to be specified:
  • Uncomment the option to suppress lecturing (I don't need the long message displayed upon first usage), & suppress the badgering quips if I misspell my password.
Reply With Quote
  #3   (View Single Post)  
Old 18th July 2011
Daffy Daffy is offline
Fdisk Soldier
 
Join Date: Jun 2010
Posts: 73
Thanked 0 Times in 0 Posts
Default

Using sudo because it's in OpenBSD by default, and use it mainly to mount/write/delete files on some external hdds. Also I'm using sudo to add/delete/update packages.
Reply With Quote
  #4   (View Single Post)  
Old 18th July 2011
rocket357's Avatar
rocket357 rocket357 is offline
Real Name: Jonathon
Wannabe OpenBSD porter
 
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 305
Thanked 9 Times in 9 Posts
Default

I voted su only, though when I'm dealing with Linux I tend to use "sudo su" heh.

Really, if I'm doing something that requires root, I want a root shell...period. I don't want to have to repeatedly "power-up" the shell I'm in already haha.
__________________
Linux Admin by Profession. OpenBSD user by choice.
Reply With Quote
  #5   (View Single Post)  
Old 18th July 2011
graudeejs's Avatar
graudeejs graudeejs is offline
Real Name: Aldis Berjoza
formerly killasmurf86
 
Join Date: Jul 2008
Location: Riga, Latvia
Posts: 588
Thanked 29 Times in 26 Posts
Default

I voted for using both, but I use sudo only for very specific tasks, such as (un)loading VirtualBox kernel module, Killing geli drives, etc.
99.99% of time I use su
Reply With Quote
  #6   (View Single Post)  
Old 18th July 2011
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,431
Thanked 214 Times in 189 Posts
Default

I use both, but I only use su for non-root userids (such as for PostgreSQL, just like ocicat).

I use "sudo -s" if I want a root shell, rather than a single command.

My only modification to the default config is to enable sudo use without passwords (all of my systems have controlled access).
Reply With Quote
  #7   (View Single Post)  
Old 18th July 2011
IdOp's Avatar
IdOp IdOp is offline
Too dumb for a smartphone
 
Join Date: May 2008
Location: twisting on the daemon's fork(2)
Posts: 534
Thanked 14 Times in 13 Posts
Default

I use su and/or a root shell. This combination was not in the poll so I didn't cast a vote so as not to pollute the statistics. The times I've looked at sudo, I found it totally opaque and decided not to use something I didn't understand. When I do admin tasks there's usually lots to do, so a root shell is very convenient. I know this is not considered good practice and I'm not recommending it to anyone. It has worked for me on home systems that are not regularly connected to the 'net. (Having written this, it seems likely I'll now go and delete the root filesystem by accident. )
Reply With Quote
  #8   (View Single Post)  
Old 18th July 2011
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Helpful companion
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Thanked 193 Times in 184 Posts
Default

I use both, for various reasons.
Reply With Quote
  #9   (View Single Post)  
Old 18th July 2011
Oko's Avatar
Oko Oko is offline
Fsck Surgeon
 
Join Date: May 2008
Location: Kosovo, Serbia
Posts: 733
Thanked 36 Times in 32 Posts
Default

I use both with tendency to use su as little as possible once the system is setup.
Reply With Quote
Old 18th July 2011
classicmanpro's Avatar
classicmanpro classicmanpro is offline
Real Name: Turea Alexandru Teodor
Fdisk Soldier
 
Join Date: Oct 2010
Location: Romania (SE Europe)
Posts: 49
Thanked 1 Time in 1 Post
Post

Code:
classicmanpro ~ % which sudo
sudo: Command not found.
Exit 1
I have no use for root access, other than update software packages.
__________________
A daemon in need is a daemon indeed.
Reply With Quote
Old 18th July 2011
CyberJet's Avatar
CyberJet CyberJet is offline
Real Name: Ramon
BSD Student
 
Join Date: Feb 2009
Location: Miami FL
Posts: 98
Thanked 0 Times in 0 Posts
Default

Well, I have been using su exclusively, from now on I will do sudo to keep myself out of trouble.
Reply With Quote
Old 18th July 2011
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Old man from scene 24
 
Join Date: Apr 2008
Location: Eindhoven, Netherlands
Posts: 2,051
Thanked 198 Times in 156 Posts
Default

For a brief moment I considered voting for "I only use the root account!" just for the fun of it

Anyway,

I just use su, for two reasons:
1) I'm typically either the only user, or just one of a few who all have root access.
2) I always forget to type sudo before my commands.

Actually, I think the order might be reversed ...
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
Old 19th July 2011
unicyclist unicyclist is offline
Fdisk Soldier
 
Join Date: May 2008
Posts: 54
Thanked 2 Times in 2 Posts
Default

My home machine(s) I use sudo maybe 5% of the time. I think after trying a linux (or two) distro, I got pretty tired of all the sudo stuff.
Reply With Quote
Old 19th July 2011
vermaden's Avatar
vermaden vermaden is offline
Administrator
 
Join Date: Apr 2008
Location: pl_PL.lodz
Posts: 1,051
Thanked 118 Times in 93 Posts
Default

I use sudo on the desktop machines but on production servers, I use only su.
__________________
religions, worst damnation of mankind
"If 386BSD had been available when I started on Linux, Linux would probably never had happened." Linus Torvalds

Linux is not UNIX! Face it! It is not an insult. It is fact: GNU is a recursive acronym for “GNU's Not UNIX”.
vermaden's: links resources deviantart spreadbsd
Reply With Quote
Old 19th July 2011
phoenix's Avatar
phoenix phoenix is offline
Risen from the ashes
 
Join Date: May 2008
Posts: 699
Thanked 90 Times in 81 Posts
Default

If I need a root shell (ie doing more than one thing as root) I use sudo su - to make sure I get a full root session (root ENV, root shell, root prefs, etc).

Otherwise, I use just sudo <command> for everything. Mainly to get an audit log of what I did and when. Especially on remote systems or ones I don't interact with very often.
__________________
Freddie

Help for FreeBSD: Handbook, FAQ, man pages, mailing lists.
Reply With Quote
Old 21st July 2011
demonio demonio is offline
New User
 
Join Date: Jul 2011
Posts: 2
Thanked 0 Times in 0 Posts
Default

sudo is soooooo buntus...
Reply With Quote
Old 21st July 2011
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,834
Thanked 190 Times in 160 Posts
Default

Quote:
Originally Posted by demonio View Post
sudois soooooo buntus...
I can only assume you are referring to Ubuntu. Note that sudo(8) is currently maintained by one of the OpenBSD developers. It is not a Linuxism imported into the *BSD world.

If you object to the restrictions that sudo places on users/administrators, note that this can be fine-tuned. A primary reason I created this thread was to advocate that sudo doesn't have to be taken with its default configuration. It is quite configurable.

An administrative problem with su(1) is that knowledge of the root password provides total access to a system. With sudo, an access policy can be constructed to provide limited access, & the root password doesn't have to be disclosed. From an administrative standpoint, this is a win when considering security.
Reply With Quote
Old 21st July 2011
phoenix's Avatar
phoenix phoenix is offline
Risen from the ashes
 
Join Date: May 2008
Posts: 699
Thanked 90 Times in 81 Posts
Default

We make fairly heavy use of sudoers file at work. Our backups account, for example, can run rsync without a password, but only when connecting from the backups servers. Our vidcon tech can manage/edit gatekeeper-related stuff on the firewalls but nothing else. Our helpdesk can run specific commands on remote servers, but only when connecting from the board office. And so on.

Much nicer than having 15-odd people knowing the root password.

But, the nicest thing about sudo is that every invocation is logged so we have an audit trail. Someone logged in as root (via console, su, ssh if enabled) can screw something up and we wouldn't know who did what or when.
__________________
Freddie

Help for FreeBSD: Handbook, FAQ, man pages, mailing lists.
Reply With Quote
Old 22nd July 2011
Ninguem Ninguem is offline
Shell Scout
 
Join Date: Jun 2011
Posts: 136
Thanked 0 Times in 0 Posts
Default

My belief and practice - probably due to the blatant use of sudo in Ubuntu and the fact that anyone can su to root in many Linux distributions- is to use su and limit what each user can do.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
sudo issue rpindy OpenBSD General 6 31st May 2010 04:12 PM
Vulnerabilities in sudo closed J65nko News 0 1st March 2010 05:16 PM
Installing sudo rex FreeBSD General 4 24th October 2008 12:40 AM
SUDO Wildcards jcatrysse FreeBSD Security 2 30th June 2008 07:18 AM


All times are GMT. The time now is 10:09 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick