Dear systems engineers,
It really amazes me how people are fine with typing
sudo all the time. A kitten is denied a new toy for another day when you do this!
Typing sudo locally all the time
Is it really simpler for you to type sudo all the time rather than having one terminal tab open with a root shell? Besides, some systems even ask for a password when you run a sudo command. Be honest with yourself, are you a masochist?
Using sudo on servers
Intro: each Amazon image comes with standard username for logging in. Never seen anyone changing that username.
Supposedly, the attacker would need to know the username in addition to your stolen private key. Right… and it’s not one of these: ubuntu, admin, ec2-user, centos … and looking at your ssh banner won’t give any clue as to which username is used:
SSH-2.0-OpenSSH_... Ubuntu.. SSH-2.0-OpenSSH_... Debian... SSH-2.0-OpenSSH_6.6.1
OK, Amazon Linux did some homework but who uses it anyway. Red Hat also doesn’t say what it is. Both use
ec2-user… You could customize the username but did you? So much for knowing the username.
Or maybe you think the potential attacker would not be able to run
sudo -i ?
“It stops you from doing stupid things”
Really? Do you do a mental pause and re-read your command once again when you type
sudo? I’ve seen this not happening. If you are like me and you manage the servers, a big portion of commands require root, so people are just typing
sudo without thinking.
Better train yourself to make a mental pause before executing destructive commands.
We could launch an another space mission if we would use the time people wasted on typing
sudo . If you manage a server, use root. It really saves time. Do you really enjoy redoing half of your commands after “oh.. I forgot sudo … again”?
Are you afraid to kill the server? If killing one server is such a great deal, your situation might really be special but chances are that you just don’t manage your servers right. Fix that instead of typing
sudo again and again.
And guys… have fun with your servers!
Update 2016-07-09 05:58 UTC
Just to be clear: Please note it’s filed under the “Rant” category. The post has some valid points but don’t take it too seriously. Use your best judgment to decide which parts of the above apply to your situation.