It is good practice to avoid performing more actions as root than you need to. `sudo` facilitates this by allowing you to run individual commands as root without having to log in as root and without needing an interactive root shell for tasks you would otherwise not run a shell to do. But `sudo su` is not a "backdoor," it is simply a somewhat less elegant way to do what `sudo` is designed to allow you to do with `sudo -s`. Similarly, `sudo -i` is the more elegant way to achieve what `sudo su -` would get you: a simulated initial login shell whose environment is like what you would get if you could log in as root on the command line. See `man sudo`.
Therefore it comes down to when you choose to run an interactive root shell and how you choose to use it. If you're using it to avoid having to bother deciding whether or not to run commands as root, that would be bad. If you find you are running many commands in it that don't require root privileges, then you should consider running those commands in a non-privileged shell instead, or reconsider if you really need a root shell at all. But there is nothing fundamentally wrong with using a root shell.
With or without opening a root shell, it is possible to use `sudo` in a way that harms your security. For example, please don't run Firefox or LibreOffice with `sudo`. The potential problems with running a root shell are mostly that you may end up performing actions as root unnecessarily, and in the course of doing so might make mistakes that are far more harmful when root does them. Therefore it is not sufficient to decide, "I'll just avoid this issue entirely by not running a root shell." It's quite reasonable to avoid running root shells, but that blanket choice still does not remove the need to be mindful when you do use `sudo`.
The Ubuntu help wiki page about `sudo` lists nine benefits of using `sudo`. Most but not all of these benefits apply fully to the use of `sudo` to open a shell, provided you are as careful of what you do in that shell as you are of what you do in individual commands you use with `sudo`. These are the exceptions--benefits of `sudo` that you do not fully enjoy when you use it to open a root shell:
- sudo adds a log entry of the command(s) run (in `/var/log/auth.log`). If you mess up, you can go back and see what commands were run.
See also bodhi.zazen's answer. The one command you use to open that shell is still logged to `auth.log`, but the commands you run from it aren't.
- The authentication automatically expires after a short time (which can be set to as little as desired or 0); so if you walk away from the terminal after running commands as root using sudo, you will not be leaving a root terminal open indefinitely.
Although you should always be mindful of what commands you (or someone else) might run while you have an active `sudo` timestamp, using an interactive root shell elevates this need, because any command run in it until you exit the shell will be run as root without prompting you for a password.
In addition, one of the benefits is slightly attenuated when you use a root shell, though still largely intact:
- It avoids the "I can do anything" interactive login by default. You will be prompted for a password before major changes can happen, which should make you think about the consequences of what you are doing.
If you were to pretend you were root and had no other user account while using this root shell, then of course you would lose this benefit entirely. However, when you run `sudo -s`, `sudo -i`, or another command that gives you a shell, you had already been in a non-root login (unless you do it from recovery mode or have enabled root logins), so this temptation is much easier to avoid.
That is, if you were logging in as root, you would likely do so in anticipation of needing to do things only root can do. With a root shell you start yourself, it is less tempting to use it unnecessarily because, for just a few commands, it's actually easier to run them individually with `sudo`--and because you're already logged in as yourself.
And there is also one benefit of `sudo` that people sometimes think is lost when one runs a root shell but they are completely mistaken to think so:
- sudo can be setup with a much more fine-grained security policy.
Running a root shell does not decrease this benefit at all, because it can only be done by users who are configured to be able to perform any actions, and thus does not let you do anything you couldn't do before by design. (This is another reason, deeper than the mere presence of the `-s` and `-i` options, that `sudo su` is not really similar to a backdoor at all.)
Technically, it could also be done by users whom you have configured in `sudoers` to "only" be allowed to run root shells and nothing else! But that would be a very foolish configuration, since if a user can run a shell as root, they can perform any action as root. (You would have to undertake specific action to create this silly and dangerous situation for a user you intend to practically restrict.) There are many commands that are unexpectedly dangerous to allow any not-fully-trusted user to run as root--more than just shells and text editors. Any command that will generate an output file at a location the user specifies can be used to carry out a privilege escalation attack if it can be run by a user you do not intend to already be able to do whatever they choose as root.
If you choose to run an interactive shell as root, be very careful. Consider if this really helps you, and if you will end up doing more as root than you intend. Remember that, even on a system with just one human user, even though you can do bad things like deleting all your personal files without using `sudo` at all, performing actions as root does not merely make it possible for you to harm your Ubuntu system in more ways. If you do things as root that don't need to be done as root, you make it harder to reason about what harms are possible (or have occurred).
With that said, there are numerous common alternatives to using a root shell that are equally or more dangerous. For example, you might run a command without `sudo`, but it fails since you needed to run it as root, then use history expansion to run it with `sudo`. But are you sure you ran the right command? With sophisticated history expansion constructs like hoping `sudo !f` will run your last `foo` command, mistakes are extremely easy. But even with the basic `!!` to run the last command, mistakes happen. If you ran `foo; bar` and then run `sudo !!`, is it `foo` or `bar` that runs as root? If you're going to use history expansion with `sudo`, it's not enough to know the answer--you have to succeed at keeping it in mind every time you do it.
For most situations, the way I recommend you avoid retyping when adding `sudo` to commands is simply to press the Up Arrow until you get to the command you needed to run `sudo`, press Home to get to the beginning of the command, read the command carefully to ensure it's really what you want to do, then type `sudo` and a space. If the situations that tempt you to run a root shell--or to use more dangerous methods--are situations where it's reasonably convenient to just do that, then you don't need a root shell. And if you find yourself forgetting to type `sudo` (as many of us sometimes do, myself included), remember that you might also be forgetting other things, things that would make you glad you forgot to run the command as root.
`/var/log/auth.log`? Root activity is unlogged? – AJJ Oct 04 '17 at 17:24
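
The logging gap the answer describes (only the command that opens a root shell reaches `/var/log/auth.log`, not what is typed inside it) can be made visible by separating the two kinds of entry. This is an added example, not part of the original answer or comments; the log lines are constructed, and the `SHELL_LAUNCHERS` and `LOGIN_FLAGS` sets are assumptions to adapt per site.

```python
import re
from pathlib import PurePosixPath

# Constructed sample in the usual sudo syslog format (not from a real host).
SAMPLE_AUTH_LOG = """\
Oct  4 17:01:12 box sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Oct  4 17:03:40 box sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Oct  4 17:09:05 box sudo:      bob : TTY=pts/1 ; PWD=/srv ; USER=root ; COMMAND=/bin/su -
Oct  4 17:09:05 box sudo: pam_unix(sudo:session): session opened for user root by bob(uid=0)
Oct  4 17:15:31 box sudo:      bob : TTY=pts/1 ; PWD=/srv ; USER=root ; COMMAND=/bin/sh -c id
Oct  4 17:20:02 box sudo:    alice : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/systemctl restart ssh
"""

# Matches sudo's own "user : TTY=... ; USER=root ; COMMAND=..." entries only.
SUDO_LINE = re.compile(
    r"sudo:\s+(?P<user>\S+) : .*?USER=root ; COMMAND=(?P<command>.+)$"
)
# Assumption: programs that hand the caller an interactive shell.
SHELL_LAUNCHERS = {"sh", "bash", "dash", "zsh", "ksh", "fish", "su"}
# Assumption: arguments that still leave the shell interactive.
LOGIN_FLAGS = {"-", "-l", "-i", "--login"}


def summarize(log_text):
    """Split root sudo entries into fully logged commands and root shells.

    Everything typed inside a root shell is absent from the log, so each
    entry under "root_shells" marks where the per-command trail stops.
    """
    report = {"commands": [], "root_shells": []}
    for line in log_text.splitlines():
        m = SUDO_LINE.search(line)
        if m is None:
            continue  # PAM session lines and other noise
        program, *args = m["command"].split()
        # "sh -c id" is one logged command; a bare shell or "su -" is a session.
        is_shell = (PurePosixPath(program).name in SHELL_LAUNCHERS
                    and all(arg in LOGIN_FLAGS for arg in args))
        key = "root_shells" if is_shell else "commands"
        report[key].append((m["user"], m["command"]))
    return report


if __name__ == "__main__":
    result = summarize(SAMPLE_AUTH_LOG)
    for user, command in result["root_shells"]:
        print(f"{user} opened a root shell via {command!r}; later commands are not in auth.log")
```
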