Linked by Eugenia Loli on Wed 22nd Mar 2006 02:44 UTC
Mac OS X In Mac OS X, the root account is disabled by default. The first user account created is added to the admin group and that user can use the sudo command to execute other commands as root. The conventional wisdom is that sudo is the most secure way to run root commands, but a closer look reveals a picture that is not so clear.
Thread beginning with comment 106606
To read all comments associated with this story, please click here.
Member since:

With sudo, you type every command that requires root privilege with "sudo command". With a root shell, you only type "command". The problem is "accident". With a root shell, it is possible that you do some wrong thing that is unrecoverable by, e.g., mis-typing. That's a danger of using root account that I think a lot of us experienced before. In my experience, if I explicitly use "sudo command", I am effectively saying that "I know I am doing administrative work, I know I need precautions, I am not typing wrong commands and I know what I am doing". Just in case you know you typed something wrong in the command after pressing enter, you still have a chance because sudo requires a password in order to run, not run immediately like the root shell.

Reply Score: 4

ormandj Member since:

Oddly enough, I make far more mistakes using sudo than not.

When I su, I do it for a purpose, and once I'm done, I exit.

When I sudo, I get tired of typing sudo on every line, so i just hit the up arrow key to repeat last line, and delete to the sudo, and type the new command. The issue is, when I'm working on something quickly, I get careless, sometimes I might leave part of the old command there. Or sometimes I accidently hit enter with the old line there (bad for a rm -rf * when you've changed dirs!) Etc. It just makes me really go out of my way to type that stupid "sudo" every time I want to run a command, so I've nearly brainwashed myself/my fingers into typing it with every command. I don't even think about it anymore, it just appears. This causes mistakes

I guess it all depends on the person. I grew up with unix, and having a root shell is what I'm used to. I don't screw around when I'm root, I do what I need to do, and then I logout. Most old salt sys admins would say the same thing. Sudo just seems like a bandaid to avoid people learning the hard way to be careful. Unfortunately, for most, it doesn't add up to any more security/safety, and it doesn't teach you any good habits. Thinking "oh, I have to type sudo, therefore I won't make mistakes" == disaster waiting to happen.

This isn't a flame btw, please don't misunderstand me. Each person has their preferences, and I'm sure for some people sudo might be safer. It just doesn't seem to be for the majority of the admins I've been around, nor for myself. ;)

Reply Parent Score: 3

theine Member since:

Your whole post is moot because you can always do sudo -i and get a root shell.

Reply Parent Score: 2