It isn’t discouraged in openSUSE IMHO. It is just one of the ways to get a root owned process.
Personally I never use it, but I use
That - is crucial!
The implementation in KDE of the menu item “System” > “Terminal - Super User Mode” does do an su -. Thus that is the way I normally do it. It has also the avantage that I can give that terminal a different background colour as an alert.
AFAIK the default sudo configuration as installed with openSUSE results in the same allowances as su -. But in that case, I do not see any advantage in using the fat sudo over the tiny su - (and no surprises in case the sudo configuration is a bit different from what you assumed it is).
But I may be biased by the fact that su existed looooong before sudo.
I don’t think openSUSE is actively discouraging “sudo”. I think SuSE existed before “sudo” existed.
My view from early on is:
System administrators us “su” to get permission for their administrative tasks.
Other people use “sudo” to handle more limited responsibilities. For example, you could setup “sudo” so that some operational staff could use it to take backups but could not do other administrative tasks.
And then Ubuntu happened, and they adopted the policy that “sudo” was the way to administer the system. That’s one of the things that I dislike about Ubuntu.
I am fully with @nrickert. It seems that other distros (I am not that fluent in all of them, but I accept that it starts with Ubuntu) misuse sudo with the effect that the Linux world is full of advice to precede almost every command with sudo :(.
But the way sudo is configured on those systems differ from what openSUSE does by default. In short, you need the root password “to get Superuser status” and not the user password. And that is as it should be.
But I differ about the age of sudo. See https://en.wikipedia.org/wiki/Sudo.
I can add that it isn’t in the man pages of HP-UX 10.0 (1995, which I still have in print here), but it certainly was available then from other sources (univerity?) then or short after. We (my IT department) rejected it, because it was not from the provider Hewlett Packard and not opensource and thus we would have nobody to go to when there was a security hole).
I think Debian has both sudo and su, like openSUSE, but IIRC from somewhere in their forums, they think “sudo is the way to go because it’s safer than su: with sudo the root session ends as soon as command ends; with su you run the risk of the root shell remaining open”. Or so I understood…
su (and su -) is the real root account.
There’s a big difference between the two, for systems like openSUSE which supports “su” each will grant you different access although for many things there isn’t a difference. An example is if you’re administrating a relational database, it’s unlikely that sudo will work.
Many other distros have a philosophy that true root access (su) is too dangerous to allow User access under any circumstances so forces Users to use the slightly less privileged sudo.
As long as I’ve used openSUSE (since 10.7), it’s always supported Users invoking “su” – It’s not new and has not changed since “forever.”
As such, you can choose to use “sudo” all you want but to my knowledge no one has ever compromised openSUSE because “su” was permitted. Maybe someone has even compromised openSUSE but never publicized that happening… but the two most likely means I can think of can be addressed simply… By not leaving an elevated console running unattended and making your root password different than your default User (which is not default installation). It would be very, very difficult to somehow access and use elevated permissions normally.
That’s why I say that it’s a waste of effort to type “sudo” for every one of 100 commands instead of executing those commands in an elevated “su” console.
The reason is embedded in the comments of the default “/etc/sudoers” file:
## In the default (unconfigured) configuration, sudo asks for the root password.
## This allows use of an ordinary user account for administration of a freshly
## installed system. When configuring sudo, delete the two
## following lines:
Defaults targetpw # ask for the password of the target user i.e. root
ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!
****** In other words, on a freshly installed system, always “visudo” to disable the default (easy) behaviour and achieve this behaviour:
> LANG=C sudo something
[sudo] password for «*The user calling “sudo”*»:
«*The user calling “sudo”*» is not in the sudoers file. This incident will be reported.
I couldn’t see how the distro would favor one over another, since openSUSE packages both. Except on a minimal install su is available while sudo is not. That said I prefer sudo, since most of my tasks require a single command as root, and I have a few selected commands that won’t require the root password when called with sudo (systemctl, zypper, rpmconf, btrfs). For a single-user system this is convenient. For multi-user, multi-admin, sudo is even more convenient. Besides, with su I’d have a different set of dotfiles, which would be inconvenient for me.
So in the end it depends of the administrative needs…
By the way, there’s a multiboot USB tool that I use for installations of which I once talked about; the script that sets up the entire USB drive uses sudo and then gets back the username of original user in order to change ownership of the files copied to the USB.
Do you think this could be a reasonable use of sudo?