Root Vs. SUDO
- 0
- Add a Comment
- No Related Post
I thought that it was a good time to address a very old discussion about the benefits of sudo opposed to root access. After reading a good article on Slashdot about this, I got inspired to address it on my blog! If you absolutely don’t know what sudo or root is, this could be a tough read, but I’ll try to explain it a bit.
Gaining root access to a system means that you are able to do anything on this system without having to worry about any permission limitations. In other words: You have total control. The downside is that you can totally mess up your system, because you don’t have any limitations on what you can do.
So what are the differences between sudo and root? Root gives you “open access,” meaning once it’s open, anything can run with root permissions. The sudo command keeps the root account closed but permit action on a command by command basis. You have to consider that if the username and password are compromised, there is no difference between root and sudo.
For example; when you’re doing some maintenance, and you work in a root environment, you could, for example, make a mistake and delete an important directory which could cause some major problems. When you’re logged on as root, the directory will get deleted without any warning. If you’re using sudo, you get prompted for a username and password. Once you enter the username and password, the folder gets deleted. You get some extra security when you use sudo instead of the root account.
There are some other benefits why people like to use the sudo command instead of root access. Nobody can access your system as root and there is extra logging going available. Every time a user executes the “sudo command,” it’s getting displayed in the system logs, which shows you who executed a command and on what time and date it was executed.
So, you could say that using sudo is “the way to go.” Like always there is a big “but.” It’s very easy to find away to avoid the logging in sudo mode and access full root access. By executing the command sudo -s you can start a terminal with root access which gives you the same environment as you would when your using a root account.
I would conclude in saying that, if you’re using servers or systems with multiple users you really should not enable your root account and work with the sudo command instead. To be honest the first thing I do is enable the root account on my systems, but I would never enable it on my servers where other administrators also do their work. This is a little saver, not much, but only a little.
[tags]password,security,directory,root,sudo,open access[/tags]