DaemonForums  

Go Back   DaemonForums > Miscellaneous > General software and network

General software and network General OS-independent software and network questions, X11, MTA, routing, etc.

View Poll Results: Do you su or sudo?
su only: nothing can improve on a classic! 7 25.00%
sudo only: it's su on steriods! 7 25.00%
I use both! 13 46.43%
I only use the root account! 1 3.57%
Voters: 28. You may not vote on this poll

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 18th July 2011
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default Do you su or sudo?

It has been awhile since we have had a site-wide poll!

All members of the BSD family have su(1). Some members make sudo available in their base installations, while others make it available as a package. Which is your preference & why?

As a bonus, for those running sudo(8), do you customize the default policy in any way?
Reply With Quote
  #2   (View Single Post)  
Old 18th July 2011
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

I use both, but I only use su(1) to switch users in the administration of PostgreSQL. Otherwise, I use sudo(8) approximately 95% of the time.

As for sudo(8) customizations:
  • Uncomment giving root access to the wheel group, but passwords still need to be specified:
  • Uncomment the option to suppress lecturing (I don't need the long message displayed upon first usage), & suppress the badgering quips if I misspell my password.
Reply With Quote
  #3   (View Single Post)  
Old 18th July 2011
Daffy Daffy is offline
Fdisk Soldier
 
Join Date: Jun 2010
Posts: 73
Default

Using sudo because it's in OpenBSD by default, and use it mainly to mount/write/delete files on some external hdds. Also I'm using sudo to add/delete/update packages.
Reply With Quote
  #4   (View Single Post)  
Old 18th July 2011
rocket357's Avatar
rocket357 rocket357 is offline
Real Name: Jonathon
Wannabe OpenBSD porter
 
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 429
Default

I voted su only, though when I'm dealing with Linux I tend to use "sudo su" heh.

Really, if I'm doing something that requires root, I want a root shell...period. I don't want to have to repeatedly "power-up" the shell I'm in already haha.
__________________
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.
Reply With Quote
  #5   (View Single Post)  
Old 18th July 2011
graudeejs's Avatar
graudeejs graudeejs is offline
Real Name: Aldis Berjoza
ISO Quartermaster
 
Join Date: Jul 2008
Location: Riga, Latvia
Posts: 589
Default

I voted for using both, but I use sudo only for very specific tasks, such as (un)loading VirtualBox kernel module, Killing geli drives, etc.
99.99% of time I use su
Reply With Quote
  #6   (View Single Post)  
Old 18th July 2011
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

I use both, but I only use su for non-root userids (such as for PostgreSQL, just like ocicat).

I use "sudo -s" if I want a root shell, rather than a single command.

My only modification to the default config is to enable sudo use without passwords (all of my systems have controlled access).
Reply With Quote
  #7   (View Single Post)  
Old 18th July 2011
IdOp's Avatar
IdOp IdOp is offline
Too dumb for a smartphone
 
Join Date: May 2008
Location: twisting on the daemon's fork(2)
Posts: 1,027
Default

I use su and/or a root shell. This combination was not in the poll so I didn't cast a vote so as not to pollute the statistics. The times I've looked at sudo, I found it totally opaque and decided not to use something I didn't understand. When I do admin tasks there's usually lots to do, so a root shell is very convenient. I know this is not considered good practice and I'm not recommending it to anyone. It has worked for me on home systems that are not regularly connected to the 'net. (Having written this, it seems likely I'll now go and delete the root filesystem by accident. )
Reply With Quote
  #8   (View Single Post)  
Old 18th July 2011
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Banned
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Default

I use both, for various reasons.
Reply With Quote
  #9   (View Single Post)  
Old 18th July 2011
Oko's Avatar
Oko Oko is offline
Rc.conf Instructor
 
Join Date: May 2008
Location: Kosovo, Serbia
Posts: 1,102
Default

I use both with tendency to use su as little as possible once the system is setup.
Reply With Quote
Old 18th July 2011
classicmanpro's Avatar
classicmanpro classicmanpro is offline
Real Name: Turea Alexandru Teodor
Fdisk Soldier
 
Join Date: Oct 2010
Location: Sinaia, Romania
Posts: 51
Post

Code:
classicmanpro ~ % which sudo
sudo: Command not found.
Exit 1
I have no use for root access, other than update software packages.
__________________
A daemon in need is a daemon indeed.
Reply With Quote
Old 18th July 2011
CyberJet's Avatar
CyberJet CyberJet is offline
Real Name: Ramon
BSD Student
 
Join Date: Feb 2009
Location: Miami FL
Posts: 98
Default

Well, I have been using su exclusively, from now on I will do sudo to keep myself out of trouble.
Reply With Quote
Old 18th July 2011
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

For a brief moment I considered voting for "I only use the root account!" just for the fun of it

Anyway,

I just use su, for two reasons:
1) I'm typically either the only user, or just one of a few who all have root access.
2) I always forget to type sudo before my commands.

Actually, I think the order might be reversed ...
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
Old 19th July 2011
unicyclist unicyclist is offline
Real Name: Mike
Fdisk Soldier
 
Join Date: May 2008
Location: Alaska
Posts: 63
Default

My home machine(s) I use sudo maybe 5% of the time. I think after trying a linux (or two) distro, I got pretty tired of all the sudo stuff.
Reply With Quote
Old 19th July 2011
vermaden's Avatar
vermaden vermaden is offline
Administrator
 
Join Date: Apr 2008
Location: pl_PL.lodz
Posts: 1,056
Default

I use sudo on the desktop machines but on production servers, I use only su.
__________________
religions, worst damnation of mankind
"If 386BSD had been available when I started on Linux, Linux would probably never had happened." Linus Torvalds

Linux is not UNIX! Face it! It is not an insult. It is fact: GNU is a recursive acronym for “GNU's Not UNIX”.
vermaden's: links resources deviantart spreadbsd
Reply With Quote
Old 19th July 2011
phoenix's Avatar
phoenix phoenix is offline
Risen from the ashes
 
Join Date: May 2008
Posts: 696
Default

If I need a root shell (ie doing more than one thing as root) I use sudo su - to make sure I get a full root session (root ENV, root shell, root prefs, etc).

Otherwise, I use just sudo <command> for everything. Mainly to get an audit log of what I did and when. Especially on remote systems or ones I don't interact with very often.
__________________
Freddie

Help for FreeBSD: Handbook, FAQ, man pages, mailing lists.
Reply With Quote
Old 21st July 2011
demonio demonio is offline
New User
 
Join Date: Jul 2011
Posts: 2
Default

sudo is soooooo buntus...
Reply With Quote
Old 21st July 2011
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by demonio View Post
sudois soooooo buntus...
I can only assume you are referring to Ubuntu. Note that sudo(8) is currently maintained by one of the OpenBSD developers. It is not a Linuxism imported into the *BSD world.

If you object to the restrictions that sudo places on users/administrators, note that this can be fine-tuned. A primary reason I created this thread was to advocate that sudo doesn't have to be taken with its default configuration. It is quite configurable.

An administrative problem with su(1) is that knowledge of the root password provides total access to a system. With sudo, an access policy can be constructed to provide limited access, & the root password doesn't have to be disclosed. From an administrative standpoint, this is a win when considering security.
Reply With Quote
Old 21st July 2011
phoenix's Avatar
phoenix phoenix is offline
Risen from the ashes
 
Join Date: May 2008
Posts: 696
Default

We make fairly heavy use of sudoers file at work. Our backups account, for example, can run rsync without a password, but only when connecting from the backups servers. Our vidcon tech can manage/edit gatekeeper-related stuff on the firewalls but nothing else. Our helpdesk can run specific commands on remote servers, but only when connecting from the board office. And so on.

Much nicer than having 15-odd people knowing the root password.

But, the nicest thing about sudo is that every invocation is logged so we have an audit trail. Someone logged in as root (via console, su, ssh if enabled) can screw something up and we wouldn't know who did what or when.
__________________
Freddie

Help for FreeBSD: Handbook, FAQ, man pages, mailing lists.
Reply With Quote
Old 22nd July 2011
Ninguem Ninguem is offline
Banned
 
Join Date: Jun 2011
Posts: 137
Default

My belief and practice - probably due to the blatant use of sudo in Ubuntu and the fact that anyone can su to root in many Linux distributions- is to use su and limit what each user can do.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
sudo issue rpindy OpenBSD General 6 31st May 2010 04:12 PM
Vulnerabilities in sudo closed J65nko News 0 1st March 2010 05:16 PM
Installing sudo rex FreeBSD General 4 24th October 2008 12:40 AM
SUDO Wildcards jcatrysse FreeBSD Security 2 30th June 2008 07:18 AM


All times are GMT. The time now is 08:18 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick