Purpose of sudo

is sudo really about security or just more of a "prevent myself from doing dumb shit by mistake" feature?

If it's the former, what are some of the things sudo protects your server from if say, a sudo account is compromised/hacked?

Comments

  • yoursunny Member, IPv6 Advocate

    sudo is for security, but not for when a sudoer account is compromised.
    For desktop user, if you login as root, you would be running your text editor and browser as root.
    A buffer overflow in those programs would cause a major problem.
    sudo provides some isolation.

  • YES I know and it's like

    and Happy Birthday Green Cloud.

  • DP Administrator, The Domain Guy
    edited October 2022

    A compromised sudo account is like a burglar who knows your address and has your house keys.

  • AndrewL64 Member
    edited October 2022

    @DP said:
    A compromised sudo account is like a burglar who knows your address and has your house keys.

    Using that same analogy, what is a compromised root account like then?

  • DP Administrator, The Domain Guy

    @AndrewL64 said:

    @DP said:
    A compromised sudo account is like a burglar who knows your address and has your house keys.

    Using that same analogy, what would be a compromised root account then?

    Similar.

    But things also depend on how the system's secured/hardened.

    The house keys would be useless if you can't get to the door :smiley:

  • jar Patron Provider, Top Host, Veteran
    edited October 2022

    Root: Access to the whole house

    Privileged user: Access to a room

    Sudo user: Access to a room with the privilege of accessing the rest of the house

    There's room for nuance there but that's pretty much how I like to think of it at a high level. While sudo can and does provide some protections (ex. Apps running as privileged user by default) it isn't that much of a safety net inherently, depends on the situation.

  • @DP said: The house keys would be useless if you can't get to the door

    like you have to knock a series of 10 doors in correct order to open the main door :D

    Also, you can configure sudo to ask for a password, so you are aware if some random script requires sudo access.

  • jon617 Veteran
    edited October 2022

    @AndrewL64 said: is sudo really about security or just more of a "prevent myself from doing dumb shit by mistake" feature?

    On a system that will always have one user/admin, it's mostly to prevent myself from a mistake. The extra step of the system giving me "permission denied" or prompting me for my sudo password has given me the extra moment to catch myself from doing the wrong thing. It also can be a security benefit: if I forget to lock my computer and someone sits at my screen, they can't do anything that bad because sudo prompts for my password.

    It's bad practice to run a root shell.

    On a system with multiple users or automated tasks, it is about security and convenience. With sudo, I can give certain users privilege to run everything or just specific things even without a password prompt. On a crowded system, logging users' sudo commands can be helpful in troubleshooting issues. For automation, an example is a virtual machine that I frequently run on my laptop to do some automated tasks then exit, so it runs sudo shutdown -h now when done. My sudoers gave the user rights to run shutdown and with no password prompt, so no interaction needed by me when the automation completes. Since shutdown is the only privileged command allowed, the automation can't change anything on the system.

  • stefeman Member
    edited October 2022

    sudo is a compromise between security and usability.

    You don't want to run everything as root by default even if you could, but then again, a normal user is very limited without ability to run selective commands with root privileges.

    If you run services on normal user without sudo, someone is less likely to gain access via misconfigured stuff compared to if the entire service was running as a root.

    If a malicious user gains access directly to a sudo account via SSH, then you're fucked anyway.

  • stefeman Member
    edited October 2022

    @AndrewL64 said:

    @DP said:
    A compromised sudo account is like a burglar who knows your address and has your house keys.

    Using that same analogy, what is a compromised root account like then?

    The house owner who's so drunk that he invites the burglar inside, thinking it's his wife, helps him rob his own house, and then forgets that the entire thing ever happened.

  • Can I track what the sudo user is doing by checking their .bash_history in their home dir?

  • @ariq01 said:
    Can I track what the sudo user is doing by checking their .bash_history in their home dir?

    /var/log is better

  • cochon Member
    edited October 2022

    @stefeman said:

    @ariq01 said:
    Can I track what the sudo user is doing by checking their .bash_history in their home dir?

    /var/log is better

    On Debian-based systems sudo actions are logged into blocked by LET by default, Redhat used to have something similar in blocked by LET.

    Edit: I'll try and add the blocked info via edit, mmm failed. There are specific default log files on these systems you'll have to Google for them I'm afraid. LET won't let me post them.

    Edit: Let's try as \var\log\auth.log and \var\log\secure, yay success... obviously change the slashes
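The question above is whether .bash_history is a usable audit trail for sudo use; the replies point at /var/log instead. As an added example (not code from anyone in this thread), here is a small parser over the record format sudo writes to /var/log/auth.log on Debian/Ubuntu (and to /var/log/secure on RHEL-style systems). The log lines are constructed samples with made-up hostname and usernames; it pulls out who ran what as which target user, flags refused attempts (wrong password, user not in sudoers), commands that open an interactive root shell, and commands run without a terminal. Note that once someone is inside a `sudo bash` session, sudo logs nothing further, which is why the shell entries are worth flagging on their own.

```python
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample lines in the format sudo writes to /var/log/auth.log on
# Debian/Ubuntu (the message body is the same in /var/log/secure on RHEL).
# Hostname "vps1" and the user names are invented for this example.
SAMPLE_AUTH_LOG = """\
Oct 12 10:15:33 vps1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Oct 12 10:15:33 vps1 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by alice(uid=1000)
Oct 12 10:15:40 vps1 sudo: pam_unix(sudo:session): session closed for user root
Oct 12 10:16:01 vps1 sudo:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Oct 12 10:17:12 vps1 sudo:  mallory : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/mallory ; USER=root ; COMMAND=/bin/cat /etc/shadow
Oct 12 10:18:05 vps1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Oct 12 10:20:00 vps1 sudo: automation : TTY=unknown ; PWD=/home/automation ; USER=root ; COMMAND=/sbin/shutdown -h now
"""

# One regex for the "who ran what" records; pam_unix session lines are ignored.
# The "reason" field only appears when sudo refused the request.
SUDO_RECORD = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r"(?:(?P<reason>(?!TTY=)[^;]+?) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)

# Commands that hand the caller an interactive root shell. From that point on
# sudo's per-command logging stops, so these entries deserve a second look.
SHELL_COMMANDS = {"bash", "sh", "dash", "zsh", "fish", "su"}


@dataclass
class SudoEvent:
    ts: str
    host: str
    user: str
    target: str
    tty: str
    pwd: str
    cmd: str
    denied_reason: Optional[str]

    @property
    def denied(self) -> bool:
        return self.denied_reason is not None

    @property
    def is_shell(self) -> bool:
        return os.path.basename(self.cmd.split()[0]) in SHELL_COMMANDS


def parse_auth_log(text: str) -> List[SudoEvent]:
    """Return one SudoEvent per sudo command record; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = SUDO_RECORD.match(line)
        if m:
            events.append(SudoEvent(m["ts"], m["host"], m["user"], m["target"],
                                    m["tty"], m["pwd"], m["cmd"], m["reason"]))
    return events


def summarize(events: List[SudoEvent]) -> Dict[str, object]:
    """Counts per invoking user plus the three things an admin usually wants to see."""
    per_user: Dict[str, int] = {}
    for e in events:
        per_user[e.user] = per_user.get(e.user, 0) + 1
    return {
        "commands_per_user": per_user,
        "denied": [(e.user, e.denied_reason.strip(), e.cmd) for e in events if e.denied],
        "root_shells": [(e.user, e.tty) for e in events if not e.denied and e.is_shell],
        "unattended": [(e.user, e.cmd) for e in events if e.tty == "unknown"],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_auth_log(SAMPLE_AUTH_LOG)).items():
        print(f"{key}: {value}")
```

On a real box, feed it `open("/var/log/auth.log").read()` (or the output of `journalctl -t sudo` on systemd hosts, which carries the same message body after the `sudo:` prefix). The parser is deliberately strict: a line that does not match the record shape is dropped rather than guessed at.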

  • fredo1664 Member
    edited October 2022

    In the sudoers file you can restrict what commands each user can run as root. If you are alone on the system you will probably give yourself all the commands, but on a system with multiple users, a compromised account is limited to what is allowed in the sudoers file, so there's that...

    Edit: exactly what @jon617 said, I need to start reading threads before answering...

  • True man does not use sudo, they use su. Have concerns? Sue them.

  • TBH I mostly use "sudo bash" in preference to "su" as you don't need to type a password. I'm not even sure what the root password is on most of my machines and every account I create has --disabled-password because I just use SSH keys for everything. My nested VMs don't have root passwords either.

  • @stefeman said:
    sudo is a compromise between security and usability.

    Correct me if I'm wrong but based on what I read in articles & StackExchange threads about sudo, it seems like sudo is more of a usability feature that has nothing to do with security though.

  • Well sudo was meant for super users to do something but these days super users are not doing anything so i guess we can say sudo is useless rn.

  • stefeman Member
    edited October 2022

    @AndrewL64 said:

    @stefeman said:
    sudo is a compromise between security and usability.

    Correct me if I'm wrong but based on what I read in articles & StackExchange threads about sudo, it seems like sudo is more of a usability feature that has nothing to do with security though.

    The security part is to install/manage/run services with normal user permissions, rather than having to use root for everything, and ability to whitelist commands and therefore blocking other commands which the "restricted admin" can or cannot do with sudo.

  • emg Veteran
    edited October 2022

    I have four types of accounts on my typical Linux and UNIX systems:

    • Unprivileged remote access - This account has no privileges. It has the public key to authenticate remote SSH sessions. It is the only account that has remote access privileges. To do work on the server, you are expected to "su" to another account after you connect with this account.
    • Unprivileged user account(s) - These regular user accounts are used to do ordinary unprivileged work on the server. They are not on the sudo'ers list.
    • Admin account - This account has sudo'er privileges. It can use "sudo su ..." to become root. It is used for server configuration changes, updates, upgrades, installing software, etc.
    • Root account - Not used. Use "sudo". Disabled on those systems where allowed. Otherwise, the root account is given a strong, unique, random password and not normally used.

    I have operated under the assumption that if an attacker manages to escalate privileges from an unprivileged user account to the admin account, they may have accomplished it through an exploit where they do not learn the password or have the privilege to change it. Sudo may still offer a small additional layer of protection.

    I like the other "convenience" features of sudo, which can hide dangerous commands or remind you that sudo or root privileges are required.

  • Yeah, normally I use sudo bash as I can set it up to not need the password. This means that normally I'm safe from doing accidental damage to my environment, but it's easy to drop into root when I need it.

    The other use case is where I'm a normal user of a machine, but have a legitimate need to do some privileged operations. In this case, some of my DNS domains are on someone else's server and I have sudo permission for rndc reload $specific_domain and nothing else. Arguably, there could also be a non-privileged way of triggering a zone reload, but in this case there isn't.
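Several posts above (jon617's shutdown-only automation account, fredo1664's point that a compromised account is limited to what sudoers allows, and the rndc reload permission in the post just above) come down to the same thing: a sudoers rule that names one exact command is a much smaller blast radius than `NOPASSWD: ALL`. As an added example, not code from anyone in this thread, the block below models the subset of sudoers matching those rules rely on (user, host, runas, NOPASSWD, full command path with optional exact arguments, last matching rule wins) and evaluates requests against a weak rule and a narrowed one. The account names `automation` and `dnsop` and the zone `example.com` are made up; the model does not handle aliases, `%group` entries, wildcards or `Defaults`, and on a real system the file goes under /etc/sudoers.d and is checked with `visudo -cf <file>` before it is trusted.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# The weak rule: an automation account that can run anything as anyone, no password.
WEAK_SUDOERS = "automation ALL=(ALL) NOPASSWD: ALL\n"

# The narrowed rules: one exact command for the automation account, and one exact
# rndc invocation for a DNS operator who still has to type a password.
# (Account names and zone are invented for this example.)
HARDENED_SUDOERS = """\
# /etc/sudoers.d/automation   (validate with: visudo -cf /etc/sudoers.d/automation)
automation ALL=(root) NOPASSWD: /sbin/shutdown -h now
dnsop      ALL=(root) /usr/sbin/rndc reload example.com
"""

# user host=(runas) [NOPASSWD:|PASSWD:] cmd[, cmd...]  -- the subset modelled here
RULE_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:(?:NOPASSWD|PASSWD):\s*)*)"
    r"(?P<cmds>.+)$"
)


@dataclass
class Rule:
    user: str
    host: str
    runas: str
    nopasswd: bool
    # (path, exact args): path "ALL" means any command, args None means any arguments
    commands: List[Tuple[str, Optional[str]]] = field(default_factory=list)


@dataclass
class Decision:
    allowed: bool
    password_required: bool
    rule: Optional[Rule] = None


def parse_sudoers(text: str) -> List[Rule]:
    """Parse the simplified rule syntax above; comments and Defaults lines are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("Defaults"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unsupported sudoers line (aliases/groups not modelled): {raw!r}")
        # "(ALL:ALL)" -> run-as user ALL; a missing runas list defaults to root, as in sudo
        runas = (m["runas"] or "root").split(":")[0].strip() or "root"
        rule = Rule(m["user"], m["host"], runas, "NOPASSWD:" in m["tags"])
        for spec in m["cmds"].split(","):
            parts = spec.split(None, 1)
            path = parts[0]
            args = " ".join(parts[1].split()) if len(parts) > 1 else None
            rule.commands.append(("ALL", None) if path == "ALL" else (path, args))
        rules.append(rule)
    return rules


def check(rules: List[Rule], user: str, command: str,
          runas: str = "root", host: str = "ALL") -> Decision:
    """Decide whether `user` may run `command` (given by full path) as `runas`.

    Like sudo, the last matching rule wins; a path with no arguments in the rule
    allows any arguments, a path with arguments requires exactly those arguments.
    """
    path, *rest = command.split(None, 1)
    args = " ".join(rest[0].split()) if rest else ""
    decision = Decision(allowed=False, password_required=True)
    for rule in rules:
        if (rule.user not in ("ALL", user) or rule.host not in ("ALL", host)
                or rule.runas not in ("ALL", runas)):
            continue
        for spec_path, spec_args in rule.commands:
            if spec_path == "ALL" or (spec_path == path and spec_args in (None, args)):
                decision = Decision(True, not rule.nopasswd, rule)
                break
    return decision


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_SUDOERS), ("hardened", HARDENED_SUDOERS)):
        rules = parse_sudoers(policy)
        for user, cmd in (("automation", "/bin/bash"), ("automation", "/sbin/shutdown -h now"),
                          ("automation", "/sbin/shutdown -r now"),
                          ("dnsop", "/usr/sbin/rndc reload example.com")):
            d = check(rules, user, cmd)
            print(f"{name:8} {user:10} {cmd:40} allowed={d.allowed} password={d.password_required}")
```

The point the thread makes shows up directly in the results: under the weak rule the automation account can open a root shell without a password, under the narrowed rule it can halt the box and nothing else, not even `shutdown -r now`, and the DNS operator can reload exactly one zone. The exact-arguments form is what makes that hold; a rule that lists only `/usr/sbin/rndc` would let the same account run any rndc subcommand.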
