Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 21

Thread: Usage of sudo vs su

  1. #11
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    12,722
    Blog Entries
    2

    Default Re: Usage of sudo vs su

    sudo impersonates.
    su (and su -) is the real root account.

    There's a big difference between the two, for systems like openSUSE which supports "su" each will grant you different access although for many things there isn't a difference. An example is if you're administrating a relational database, it's unlikely that sudo will work.

    Many other distros have a philosophy that true root access (su) is too dangerous to allow User access under any circumstances so forces Users to use the slightly less privileged sudo.

    As long as I've used openSUSE (since 10.7), it's always supported Users invoking "su" -- It's not new and has not changed since "forever."
    As such, you can choose to use "sudo" all you want but to my knowledge no one has ever compromised openSUSE because "su" was permitted. Maybe someone has even compromised openSUSE but never publicized that happening... but the two most likely means I can think of can be addressed simply... By not leaving an elevated console running unattended and making your root password different than your default User (which is not default installation). It would be very, very difficult to somehow access and use elevated permissions normally.

    That's why I say that it's a waste of effort to type "sudo" for every one of 100 commands instead of executing those commands in an elevated "su" console.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  2. #12
    Join Date
    Jan 2014
    Location
    Erlangen
    Posts
    1,903
    Blog Entries
    1

    Default Re: Usage of sudo vs su

    Quote Originally Posted by F_style View Post
    For some reason I have had a strange idea/doubt for a long time, and wondering if you could help me...

    Did usage of "sudo" over "su -" use to be discouraged on openSUSE in general in the past? Or is it just idea of mine?

    If not, when do you normally use one or the other?

    Thanks.
    I always run 'su -'. On systems insisting on "sudo ..." I run "sudo passwd" exactly once. Then I can use 'su -'.
    AMD Athlon 4850e (2009), openSUSE 13.1, KDE 4, Intel i3-4130 (2014), i7-6700K (2016), i5-8250U (2018), AMD Ryzen 5 3400G (2020), openSUSE Tumbleweed, KDE Plasma 5

  3. #13
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    3,364

    Default Re: Usage of sudo vs su

    Quote Originally Posted by malcolmlewis View Post
    If you want to use sudo, then it's better to configure the sudoers file since it's not really configured....
    The reason is embedded in the comments of the default “/etc/sudoers” file:
    Code:
    ## In the default (unconfigured) configuration, sudo asks for the root password.
    ## This allows use of an ordinary user account for administration of a freshly
    ## installed system. When configuring sudo, delete the two
    ## following lines:
    Defaults targetpw   # ask for the password of the target user i.e. root
    ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!
    ** In other words, on a freshly installed system, always “visudo” to disable the default (easy) behaviour and achieve this behaviour:
    Code:
     > LANG=C sudo something
    [sudo] password for «The user calling “sudo”»: 
    «The user calling “sudo”» is not in the sudoers file.  This incident will be reported.
     >
    And, in the systemd Journal:
    Code:
    Okt 01 13:27:35 xxx sudo[21600]: pam_kwallet5(sudo:auth): (null): pam_sm_authenticate
    Okt 01 13:27:35 xxx sudo[21600]: pam_kwallet5(sudo:auth): pam_kwallet5: Couldn't get password (it is empty)
    Okt 01 13:27:46 xxx sudo[21600]:      ?? : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/?? ; USER=root ; COMMAND=something
    Okt 01 13:27:46 xxx postfix/pickup[21286]: D913340347: uid=0 from=<root>
    Okt 01 13:27:46 xxx postfix/cleanup[21610]: D913340347: message-id=<20201001112746.D913340347@xxx.Domain>
    Okt 01 13:27:46 xxx postfix/qmgr[2514]: D913340347: from=<root@xxx.Domain>, size=477, nrcpt=1 (queue active)
    Okt 01 13:27:46 xxx postfix/local[21612]: D913340347: to=<root@xxx.Domain>, orig_to=<root>, relay=local, delay=0.12, delay>
    Okt 01 13:27:46 xxx postfix/qmgr[2514]: D913340347: removed
    And, the mail sent to the user “root” is:
    Code:
    >N  1 ??@xxx.Domain Thu Oct  1 13:27   16/613   *** SECURITY information for xxx ***
    with content:
    Code:
    xxx : Oct  1 13:27:46 : ?? : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/?? ; USER=root ; COMMAND=something
    IMHO, this is reasonable system security …

  4. #14
    Join Date
    Mar 2020
    Location
    São Leopoldo, RS, Brazil
    Posts
    240

    Default Re: Usage of sudo vs su

    Great topic with great insights.

    I couldn't see how the distro would favor one over another, since openSUSE packages both. Except on a minimal install su is available while sudo is not. That said I prefer sudo, since most of my tasks require a single command as root, and I have a few selected commands that won't require the root password when called with sudo (systemctl, zypper, rpmconf, btrfs). For a single-user system this is convenient. For multi-user, multi-admin, sudo is even more convenient. Besides, with su I'd have a different set of dotfiles, which would be inconvenient for me.

    Quote Originally Posted by dcurtisfra View Post
    ** In other words, on a freshly installed system, always “visudo” to disable the default (easy) behaviour and achieve this behaviour:
    Code:
     > LANG=C sudo something
    [sudo] password for «The user calling “sudo”»: 
    «The user calling “sudo”» is not in the sudoers file.  This incident will be reported.
     >
    Relevant xkcd: https://xkcd.com/838/
    openSUSE Tumbleweed

  5. #15
    Join Date
    Sep 2010
    Location
    Poland
    Posts
    1,944

    Default Re: Usage of sudo vs su

    This thread reminds me of discussions whether vi or emacs is better
    Best regards,
    Greg

  6. #16

    Default Re: Usage of sudo vs su

    So in the end it depends of the administrative needs...

    By the way, there's a multiboot USB tool that I use for installations of which I once talked about; the script that sets up the entire USB drive uses sudo and then gets back the username of original user in order to change ownership of the files copied to the USB.

    Do you think this could be a reasonable use of sudo?

  7. #17
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    12,722
    Blog Entries
    2

    Default Re: Usage of sudo vs su

    Quote Originally Posted by awerlang View Post
    Great topic with great insights.

    I couldn't see how the distro would favor one over another, since openSUSE packages both. Except on a minimal install su is available while sudo is not. That said I prefer sudo, since most of my tasks require a single command as root, and I have a few selected commands that won't require the root password when called with sudo (systemctl, zypper, rpmconf, btrfs). For a single-user system this is convenient. For multi-user, multi-admin, sudo is even more convenient. Besides, with su I'd have a different set of dotfiles, which would be inconvenient for me.



    Relevant xkcd: https://xkcd.com/838/
    What minimal install are you describing?
    I haven't yet run into any openSUSE install where sudo wasn't installed.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  8. #18
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    12,722
    Blog Entries
    2

    Default Re: Usage of sudo vs su

    Quote Originally Posted by F_style View Post
    So in the end it depends of the administrative needs...

    By the way, there's a multiboot USB tool that I use for installations of which I once talked about; the script that sets up the entire USB drive uses sudo and then gets back the username of original user in order to change ownership of the files copied to the USB.

    Do you think this could be a reasonable use of sudo?
    Why not just su to whatever User you want to be logged in as and then perform whatever operations as that User?

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  9. #19
    Join Date
    Mar 2020
    Location
    São Leopoldo, RS, Brazil
    Posts
    240

    Default Re: Usage of sudo vs su

    Quote Originally Posted by tsu2 View Post
    What minimal install are you describing?
    I haven't yet run into any openSUSE install where sudo wasn't installed.

    TSU
    sudo is not a required package of anything I have installed. So deselecting "Recommended packages" in the installer is one way. Probably the literal "Minimal install" as well.
    openSUSE Tumbleweed

  10. #20
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    12,722
    Blog Entries
    2

    Default Re: Usage of sudo vs su

    Quote Originally Posted by awerlang View Post
    sudo is not a required package of anything I have installed. So deselecting "Recommended packages" in the installer is one way. Probably the literal "Minimal install" as well.
    OK, if that is how you're doing it,
    Plenty of packages can be not installed by choice.

    Was thinking along lines of default installs of JeOS, server(text only) installs.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

Page 2 of 3 FirstFirst 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •