Real SysAdmins don’t sudo – Book excerpt
Last Updated on March 2, 2024 by David Both
Author’s note: This article was originally written several years ago and has appeared on Opensource.com as well as here on Both.org. I have updated it so it can be used as part of a new series about sudo vs su.
I was just reading a very interesting article that contained some good information about a Linux feature that I want to learn about. I won’t tell you the name of the article, what it was about, or even the web site on which I read it, but the article just made me shudder.
The reason I found this article so cringe-worthy is that it prefaced every command with the sudo command. The issue I have with this is that the article is allegedly for SysAdmins and real SysAdmins don’t use sudo in front of every command they issue. This is a gross misuse of the sudo command and I have written about this type of misuse in my book, “The Linux Philosophy for SysAdmins.” The following is an excerpt from Chapter 19 of my book.
sudo or not sudo
I think that part of being a System Administrator and using your favorite tools is to use the tools we have correctly and to have them available without any restrictions. In this case I find that the sudo command is used in a manner for which it was never intended. I have a particular dislike for how the sudo facility is being used in some distributions, especially because it is employed to limit and restrict access by people doing the work of system administration to the tools they need to perform their duties.
“[SysAdmins] don’t use sudo.”
Paul Venezia
Venezia explains in his InfoWorld article that sudo is used as a crutch for SysAdmins. He does not spend a lot of time defending this position or explaining it. He just states this as a fact. And I agree with him – for SysAdmins. We don’t need the training wheels in order to do our jobs. In fact they get in the way.
Some distros, such as Ubuntu, use the sudo command in a manner that is intended to make the use of commands that require elevated (root) privileges a little more difficult. In these distros it is not possible to login directly as the root user so the sudo command is used to allow non-root users temporary access to root privileges. This is supposed to make the person a little more careful about issuing commands that need elevated privileges such as adding and deleting users, deleting files that don’t belong to them, installing new software, and generally all of the tasks that are required to administer a modern Linux host. Forcing SysAdmins to use the sudo command as a preface to other commands is supposed to make working with Linux safer.
Using sudo in the manner it is by these distros is, in my opinion, a horrible and ineffective attempt to provide novice SysAdmins with a false sense of security. It is completely ineffective at providing any level of protection. I can issue commands that are just as incorrect or damaging using sudo as I can when not using it. The distros that use sudo to anesthetize the sense of fear that we might issue an incorrect command are doing SysAdmins a great disservice. There is no limit or restriction imposed by these distros on the commands that one might use with the sudo facility. There is no attempt to actually limit the damage that might be done by actually protecting the system from the users and the possibility that they might do something harmful – nor should there be.
So let’s be clear about this – these distributions expect the user to perform all of the tasks of system administration. They lull the users – who are really System Administrators if you remember my list from Chapter 1 – into thinking that they are somehow protected from the effects of doing anything bad because they must take this restrictive extra step to enter their own password in order to run the commands.
Bypass sudo
Distributions that work like this usually lock the password for the root user and Ubuntu is one of these distros. This way no one can login to root and start working unencumbered. …
Note: I have deleted experiment 19-1 to save space but you can find that information here on my technical web site.
Please do not misunderstand me. Distributions like Ubuntu and their up- and down-stream relatives are perfectly fine and I have used several of them over the years. When using Ubuntu and related distros, one of the first things I do is set a root password so that I can login directly as root.
Valid uses for sudo
The sudo facility does have its uses. The real intent of sudo is to enable the root user to delegate to one or two non-root users, access to one or two specific privileged commands that they need on a regular basis. The reasoning behind this is that of the lazy sysadmin; allowing the users access to a command or two that requires elevated privileges and that they use constantly, many times per day, saves the SysAdmin a lot of requests from the users and eliminates the wait time that the users would otherwise experience. But most non-root users should never have full root access, just to the few commands that they need.
I sometimes need non-root users to run programs that require root privileges. In cases like this I set up one or two non-root users and authorize them to run that single command. The sudo facility also keeps a log of the user ID of each user that uses it. This might enable me to track down who made an error. That’s all it does; it is not a magical protector.
The sudo facility was never intended to be used as a gateway for commands issued by a SysAdmin. It cannot check the validity of the command. It does not check to see if the user is doing something stupid. It does not make the system safe from users who have access to all of the commands on the system even if it is through a gateway that forces them to say “please” – That was never its intended purpose.
“Unix never says please.”
Rob Pike
This quote about Unix is just as true about Linux as it is about Unix. We SysAdmins login as root when we need to do work as root and we log out of our root sessions when we are done. Some days we stay logged in as root all day long but we always work as root when we need to. We never use sudo because it forces us to type more than necessary in order to run the commands we need to do our jobs. Neither Unix nor Linux asks us if we really want to do something, that is, it does not say “Please verify that you want to do this.”
Yes, I dislike the way some distros use the sudo command.