The sudo fraud

Dear systems engineers,

It really amazes me how people are fine with typing sudo all the time. A kitten is denied a new toy for another day when you do this!

cat-96877_640

Typing sudo locally all the time

Is it really simpler for you to type sudo all the time rather than having one terminal tab open with a root shell? Besides, some systems even ask for a password when you run a sudo command. Be honest with yourself, are you a masochist?

Using sudo on servers

Security

Intro: each Amazon image comes with standard username for logging in. Never seen anyone changing that username.

Supposedly, the attacker would need to know the username in addition to your stolen private key. Right… and it’s not one of these: ubuntu, admin, ec2-user, centos … and looking at your ssh banner won’t give any clue as to which username is used:

SSH-2.0-OpenSSH_... Ubuntu..
SSH-2.0-OpenSSH_... Debian...
SSH-2.0-OpenSSH_6.6.1

OK, Amazon Linux did some homework but who uses it anyway. Red Hat also doesn’t say what it is. Both use ec2-user… You could customize the username but did you? So much for knowing the username.

Or maybe you think the potential attacker would not be able to run  sudo -i ?

“It stops you from doing stupid things”

Really? Do you do a mental pause and re-read your command once again when you type sudo? I’ve seen this not happening. If you are like me and you manage the servers, a big portion of commands require root, so people are just typing sudo without thinking.

Better train yourself to make a mental pause before executing destructive commands.

Conclusion

We could launch an another space mission if we would use the time people wasted on typing sudo . If you manage a server, use root. It really saves time. Do you really enjoy redoing half of your commands after “oh.. I forgot sudo … again”?

Are you afraid to kill the server? If killing one server is such a great deal, your situation might really be special but chances are that you just don’t manage your servers right. Fix that instead of typing sudo again and again.

And guys… have fun with your servers!

Update 2016-07-09 05:58 UTC

Just to be clear: Please note it’s filed under the “Rant” category. The post has some valid points but don’t take it too seriously. Use your best judgment to decide which parts of the above apply to your situation.

10 thoughts on “The sudo fraud

  1. It’s all fun and games until you alt+tab from your porn window back to your environment, but go one too many windows and hit your root login and start wiping things out in a directory you didn’t realize you were in. Read a few articles in Feedly, alt+tab+tab+tab, snuff out /bin, DOH!

    Like

  2. Well… I understand your point of view about sudo, and similar tools, but I do not share it.
    Every tool has a purpose, and I (naively) think that most of them were designed for a particular task or use case. This is not different in the case of sudo. You, as a human being, have the opportunity to decide if you use things the way they should be used, find an alternative use case, or a different place for it in your life (and the trash can is also a place for some).
    sudo is a tool for changing roles. It is not only able to gain root privileges, but you can also use it to run commands in the name of some privileged users. Like if you run some application under a separate user, which has every right to run that, but it is still not a superuser.
    Today, this counts as a bare minimum level for server security, and the usage of the root account is reduced to the minimum by delegating tasks to privileged users. Not to mention far more advanced solutions, like containers, which actually have an own root account, which fakes to have the same powers, but it actually does not have them.
    Unexperienced sysadmins may think that this is a useless thing. After some years, you will realize that every command has some sort of effect, some more, some less; and some will definitely have business level impact. Positive, or negative, it depends on how sure your hand is at the terminal, and if you hit [ENTER] on something unintendedly nasty, or not. It is your responsibility.
    What can happen because of a really-really bad command?
    Gasoline cargo truck may not be able to plan its optimal route. ISP may be unable to send a technician on-site. Alerts may not be sent to the Fire Department automatically in case of fire. ATMs may not service customers anywhere. Airplane may not take off. It depends on what kind of system is in your # hands. But they may have huge impact on business, which costs unimaginable money.

    Like

  3. well, lets talk about what sudo is good for:

    “everyday” use: sudo su gives you 3 tries to type in your password, while just “su” is kind of annoying (imo.) this is probably not enough reason to install sudo.

    then there is the “let people (including yourself) add tasks that can be done without typing / having the root password” case that sudo is really designed for. great for larger setups with multiple users/families. must configure /etc/sudoers accordingly.

    no one seriously promotes sudo before every command except ubuntu, right? i mean theyre trying to make it look like theres a feature to protect you, so when you say “i broke it” they can say “use sudo next time.” its sort of an elephant whistle, except it might actually help 1 time out of 10 or 20.

    more a place to start than a way of life, imo. (kind of like ubuntu.)

    Like

  4. There is no black or white answer. In the case of sudo it is a matter of how much security do you need.
    Some users might require sudo because it traces all commands, but it could be still password-less (we used that for a team of developers so that they could tweak there Linux workstation to their liking but easily backtrack if the system got broken).
    Or you want many layers of security (the onion approach), for instance sudo requires a password and only a define subset of commands are allowed. Someone might have breached your ssh login (remember Debian troubles almost ten years ago now when it generated weak ssh keys) but you want to have other layers of security in place.
    About your rant regarding not using sudo and being able to make another space mission, you forgot that those using always root and who don’t have good backup (believe me there are sadly many out there) we lost many more times recovering there lost work when sh*t happen. And when you’re after building a new space mission Murphy is lurking around to mess tremendously with you!! 😉
    So each of us shall decide if sudo is relevant or not for them.

    PS: I’m one of those guys who change the default username of any appliance be it an Amazon cloud image or my home router or Raspberry Pi.
    PS: and I’m one of those guys participating in building or supporting space missions!

    Like

    • Sure sudo has it’s uses. I’m just against mindless usage of it just because it’s the default setup. For me, working as root has saved a lot of time and caused almost no trouble (which was done by another person working as root). Again, if one’s machines are so precious do whatever is needed. If it’s just another stateless web server – it’s another story.

      Like

  5. “sudo su”? You’re doing it wrong. Think about what you’re doing there: you’re invoking a privilege escalation tool to invoke a privilege-escalated instance of a *different* privilege escalation tool to start a privilege-escalated command shell.

    The point of “su”, like “sudo”, is to turn you into the privileged superuser. (Yes, this is oversimplified, but we’re only talking about becoming root here.) If you’re already the privileged superuser (and you are, because) then there is quite literally absolutely no point invoking su.

    What you want is “sudo bash”. But you don’t even want that, because sudo has got you covered. What you want is “sudo -s” or “sudo -i”. That’s exactly what you want and not a bit more: invoking a privilege escalation tool to start a privilege-escalated command shell.

    Like

  6. i almost never use sudo because i do not want to mix root-level commands and normal commands in the same history. when i search my command history i never ever want to accidentially run a sudo command when i didn’t intend to. i run tmux, and whenever i need root, i have to switch terminals. takes just as much thought and effort as typing sudo, but it avoids mixing history.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s