36

In a comment here I've been told that unnecessarily using sudo should be avoided. While it wasn't needed in that particular case, I don't see any harm in using it.

I think that when executing trivial programs like cat as root using sudo, the overall risk of hitting a bug that would somehow compromise system security is very low.

So can someone please point out the possible implications, besides typing 4 more characters and a space?

Jan
  • 13
    "Note that if I can get you to "su and say" something just by asking, you have a very serious security problem on your system and you should look into it." (By Paul Vixie, vixie-cron 3.0.1 installation notes) –  Nov 04 '14 at 22:51
  • 8
    Community wiki also says: "You could type a command incorrectly and destroy the system" – Pandya Nov 05 '14 at 01:56
  • 3
    When writing this question I unintentionally forgot to exclude poor consciousness or utter stupidity, sorry for that. Being someone who has used Linux for 14 years, it seemed obvious to me that when executing commands using sudo or as root you have to exercise caution and actually know what you're doing and check what you're typing. I wanted to delete the question, but I recognize that this Q/A helps users with less experience so I'll just let it stand. – Jan Nov 05 '14 at 10:29
  • 5
    sudo rm -rf /<accidental enter> Get the picture? – jpmc26 Nov 05 '14 at 20:57
  • 1
    Mistakes arising from improper use of escalated permissions do not actually compromise "system security" that often, but system stability and data integrity are much easier and frequent targets. And the bug most likely to cause such mistakes is not in software, but of PEBCAK nature. – SaltyNuts Nov 05 '14 at 21:44
  • 1
    Principle of least privilege. You don't know that anything bad will happen, but you don't know that it won't either. If you're careful you'll limit your exposure to bad things. "Not typing sudo" doesn't sound like very hard work to me :) – hobbs Nov 07 '14 at 08:21
  • 2
    If you blindly preface commands with sudo you risk finding yourself in this guy's shoes. – dotancohen Nov 09 '14 at 12:00

6 Answers

71

The risk of a typo is more than the risk of a bug.

The risk of gaining a habit of "it doesn't work, stick sudo on it!" is much higher than the risk of a bug.

As a sysadmin who's seen people execute all sorts of random commands with sudo that didn't need them, I always caution against superfluous usage of sudo.

While cat isn't harmful, the habit that this encourages is.

Pandya
muru
  • 2
    Example: sudo cat /etc/group (harmless, but the sudo isn't needed) versus sudo cat >/etc/group (oops!). –  Nov 04 '14 at 22:55
  • 8
    @BenCrowell close (but sudo wouldn't apply on the redirection). – muru Nov 04 '14 at 23:01
  • 13
    The habit of just adding sudo is indeed a very dangerous one. Rather one should stop and ask "why do I need sudo here?" And if you don't know a good reason, chances are you made some other mistake in the command. Just adding whatever it takes to make error messages go away leads you to mistakes like this one: http://serverfault.com/questions/587102/monday-morning-mistake-sudo-rm-rf-no-preserve-root (My favorite comment is the one asking "How do you even type --no-preserve-root accidentally?") – kasperd Nov 04 '14 at 23:44
  • 22
    svn update. Eugh conflicts. I know. sudo svn update. I've actually seen this... – Boris the Spider Nov 04 '14 at 23:44
  • 8
    I don't use subversion but I'd guess that using something like sudo svn update would also completely mess up permissions - leaving you in a worse state than you were to start with. – daboross Nov 05 '14 at 04:29
  • 5
    @DaboRoss I think that should be included in @muru's answer, because this is one of the pitfalls of using sudo: you might end up creating files that are only accessible by invoking sudo again. – Sanchises Nov 05 '14 at 12:23
  • 2
    The risk of security problems, separate from typos, is actually bigger than one might think. See for example: http://lcamtuf.blogspot.ca/2014/10/psa-dont-run-strings-on-untrusted-files.html – user50849 Nov 06 '14 at 07:38
  • 2
    A while ago I made a directory called etc in my home directory. To delete it again, I wanted to type sudo rm -R ./etc but I forgot the dot. Bye system. – ONOZ Nov 07 '14 at 09:17
  • 1
    I'm a bit confused. Isn't the real problem giving people who shouldn't have sudo access sudo permission or not properly restricting their sudo access to prevent issues? In other words this sounds more like a management or sysadmin failure than a user failure unless they have been properly trained to mitigate these issues. – flickerfly Nov 11 '14 at 19:41
  • @flickerfly "this sounds" ... What sounds? That I don't have control over a user's personal laptop? (Mind you, the systems that I control have sudo properly configured. Doesn't stop users from trying, or from coming to me for help with personal systems). Most users are idiots. Even training can help only to an extent. Or are you saying Ubuntu shouldn't give full sudo access to the only account created on installation? – muru Nov 11 '14 at 19:59
  • If the question is, "should the user use sudo or not?", which is what I understand it to be, I'm saying it is a policy decision. If the user is given it they should be able to use it at their discretion with provided permissions. It is the provider's responsibility to verify their ability to handle the responsibility. In the case of a personal system that is the same person. It isn't sudo's fault that the person messed up. That is a matter of trust and responsibility. sudo is just one place that will possibly cause failure of trust. The scope of the question wasn't limited to personal machines – flickerfly Nov 11 '14 at 21:33
  • @muru, Perhaps we can both agree that it is important to train people in the proper use of sudo and avoiding mistakes. My distinction is that it isn't sudo's fault that the person messes up. Blame should rest elsewhere. In other words, sudo isn't "Wrong" as the title states, but the person using it was wrong when they foul up my system or if I gave them access without knowing they could handle it properly, that's my fault (or management if it was beyond my control). – flickerfly Nov 11 '14 at 21:39
  • 2
    @flickerfly The question does ask what's wrong with sudo, but it really should be asking, 'what's wrong with unnecessary usage of sudo?', as the first sentence indicates. The debate is about gratuitous usage of sudo in guides and answers on AU. My position is that the person who uses sudo unnecessarily, leading others to believe it is okay to do so, is wrong. – muru Nov 12 '14 at 03:29
  • @BenCrowell it is not so easy to redirect with sudo – Panther Apr 04 '15 at 01:57
  • @muru, is it possible for sudo cat filename on a binary file to cause security issues, or does it just mess up your terminal the same way cat binaryfile does, necessitating a logout to reset the terminal? In other words, are binary files an exception to your statement that cat isn't harmful? – Wildcard Apr 04 '16 at 19:29
  • 1
    @Wildcard AFAIK, it messes up the terminal the same way cat binaryfile does. Do you need a logout though? I find the reset command works well enough. – muru Apr 05 '16 at 01:38
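
The pitfall raised in the comments above (a needless sudo leaving files that only root can touch), as an added example that is not part of the original thread: a POSIX shell check that lists entries in a directory tree not owned by the expected user. The function names are hypothetical.

```sh
# Added example (not from the thread). Function names are hypothetical.
# Lists entries under a tree whose owner is not the expected uid, e.g. files
# left root-owned by a needless "sudo svn update" inside a working copy.

# foreign_owned DIR [UID]: print paths under DIR not owned by UID
# (default: the invoking user's uid). -xdev keeps find on one filesystem.
foreign_owned() {
    find "$1" -xdev ! -user "${2:-$(id -u)}" -print 2>/dev/null
}

# count_foreign_owned DIR [UID]: number of such entries
# (a path containing a newline would be counted more than once).
count_foreign_owned() {
    foreign_owned "$@" | wc -l | tr -d ' '
}

# report DIR: summary for the invoking user; returns 1 if anything is foreign.
report() {
    n=$(count_foreign_owned "$1")
    if [ "$n" -eq 0 ]; then
        echo "OK: everything under $1 belongs to uid $(id -u)"
        return 0
    fi
    echo "WARNING: $n entries under $1 are not owned by uid $(id -u):"
    foreign_owned "$1" | while IFS= read -r p; do
        ls -ld -- "$p"          # shows owner, group and mode
    done
    return 1
}

# Scan the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then report "$1" || true; fi
```

Run it against a working copy or `$HOME` after a session that involved sudo; anything it lists was created or rewritten under another account.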
15

I think there is another issue not yet mentioned: sudo status is cached for the shell with a default of 15 minutes. This means you don't have to provide your password in the next 15 minutes in order to execute a potentially dangerous command.

I think we all can think of more or less likely security issues that could result from that: Unknown software bugs that exploit this or forgetting to lock the screen with random people or co-workers around come to mind.

This is indeed my primary reason for not using sudo when I don't have to and even if I have to, for frequently closing shells after I'm done with sudo work.

musiKk
  • 1
    That risk can be mitigated by using the tty_tickets option in sudoers and sudo --remove-timestamp. – Martin Schröder Nov 06 '14 at 11:15
  • 1
    @MartinSchröder I already took tty_tickets into account. But you can set timestamp_timeout. That's why I wrote "default". I'm sure the majority of users will never change any of those options but of course that's speculation on my part. – musiKk Nov 06 '14 at 11:20
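
An added example, not part of the original thread, for the credential caching discussed in this answer and its comments: a shell function that reads sudoers text and reports the explicit timestamp_timeout and tty_tickets settings. The function name and both sample policies are constructed for illustration; scoped Defaults (per user or host) and included files are ignored.

```sh
# Added example (not from the thread); audit_sudo_cache is a hypothetical name.
# Reads sudoers text on stdin and prints one line describing how long sudo
# credentials stay cached. Assumption: only global "Defaults" lines are read.
audit_sudo_cache() {
    awk '
    { sub(/#.*/, "") }                               # strip comments
    /^[ \t]*Defaults/ {
        if (match($0, /timestamp_timeout[ \t]*=[ \t]*-?[0-9.]+/)) {
            timeout = substr($0, RSTART, RLENGTH)
            sub(/^.*=[ \t]*/, "", timeout)           # keep the number only
        }
        if ($0 ~ /![ \t]*tty_tickets/)  tty = "off"  # ticket shared by all ttys
        else if ($0 ~ /tty_tickets/)    tty = "on"   # one ticket per tty
    }
    END {
        if (timeout == "")          verdict = "default-cache"
        else if (timeout + 0 < 0)   verdict = "never-expires"
        else if (timeout + 0 == 0)  verdict = "always-prompt"
        else                        verdict = "cached-" timeout "min"
        if (timeout == "") timeout = "unset"
        if (tty == "")     tty = "unset"
        print "timestamp_timeout=" timeout, "tty_tickets=" tty, verdict
    }'
}

# Constructed sample: the ticket never expires and is shared across terminals.
sample_lax() {
    cat <<'EOF'
Defaults env_reset
Defaults timestamp_timeout=-1, !tty_tickets
%sudo ALL=(ALL:ALL) ALL
EOF
}

# Constructed sample: password required on every invocation.
sample_strict() {
    cat <<'EOF'
Defaults env_reset
Defaults timestamp_timeout=0   # always ask
Defaults tty_tickets
EOF
}

sample_lax | audit_sudo_cache
sample_strict | audit_sudo_cache
```

A result of `default-cache` means no explicit value is set, so the compiled-in timeout discussed in the answer applies.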
9

Using sudo excessively is the Linux equivalent of the old Windows habit of running everything under the Administrator account. That one has been discussed and criticized to hell and back, so you can read everything that talks about why a person should not be running their Windows computer as an Administrator, and every single point will apply to habitual use of sudo on Linux.

SaltyNuts
4

Well, it's just because you might accidentally mess with sensitive parts of your file system, causing much, much trouble to yourself. Being careful is never enough, so better not to expose yourself to unnecessary dangers.

ed0
-1

When you do anything with Sudo, it means you give full rights to it. That's root access, which can sometimes become very risky: if an app running with root permission inadvertently does something wrong, the results range from a system crash to corruption of the OS. Anyhow, for Cat, it's fine with root.

  • sudo can be configured to provide limited access. By default it provides an equivalent of full root access, but that isn't required. – flickerfly Nov 11 '14 at 21:36
-2

There is nothing wrong with unnecessarily using Sudo. Sudo (in its default configuration/purpose on Ubuntu) provides fully elevated privileges. If a user has been granted those privileges, they are his to exercise as he wishes (including unnecessarily!). However, using Sudo when it isn't needed raises the stakes. It's an unnecessary risk. A simple typo can become disastrous, and that is why most people avoid using elevated permissions when they aren't needed. However, just because it is common practice to avoid unnecessary Sudo usage, doesn't mean it's wrong to go a different way. Sudo to your heart's content!

Within the context of AskUbuntu, I'm not at all surprised that you were instructed to avoid unnecessary Sudo usage. The purpose of this site is to allow experts to ask questions and get expert responses, but in reality there are lots of novice users on here, who know just enough to get themselves into trouble. It's common for posters to try and protect these users from themselves. Sudo abuse is common among novice users, because they don't really understand what it is or does, nor take the time to learn. Also, this site prides itself on producing quality content. Unnecessary commands are inefficient, and therefore reduce the quality of a post.

no-reply
  • 1
    Bad advice: use sudo very carefully! If you need sudo privileges it usually means you are doing something dangerous... – Fabby Mar 28 '16 at 20:44
  • You do not use a missile to kill an ant. You always should use the correct tool and use it correctly. – Rinzwind Mar 28 '16 at 21:23
  • 2
    @Fabby OP isn't suggesting one use Sudo unsafely, but rather pointing out that unnecessary usage doesn't equate to unsafe usage. – Hypno Toad Mar 28 '16 at 22:09
  • 2
    @Rinzwind There is nothing wrong with using a missile to kill an ant, so long as you're careful not to blow anything else up in the process. Unnecessary isn't a synonym for unsafe. – Hypno Toad Mar 28 '16 at 22:10
  • 1
    Yes there is. Example #1 http://askubuntu.com/questions/751339/attempted-to-open-unity-with-sudo-now-unity-messed-up – Rinzwind Mar 29 '16 at 07:16
  • 2
    @HypnoToad While I personally avoid using Sudo if I don't need root permissions, and encourage others to do the same, you are correct. Unnecessary and unsafe are not the same thing. There is nothing wrong with using Sudo for every task you do, so long as you use it safely. But as said, I wouldn't suggest anyone do this, because it puts your system at unnecessary risk. – Dean Z Mar 29 '16 at 17:27
  • "Example #1" is irrelevant. This thread is about using Sudo when it isn't needed, not about abusing Sudo, as is the case in your example. If one cannot be trusted to use Sudo safely they shouldn't be a sudoer in the first place. For home users, this doesn't happen because they are administrating their own systems, which means, regardless of whether they have the knowledge to use Sudo safely they have access to it, and will be using it. To rehash, there is nothing wrong with using a missile to kill an ant, so long as you're careful not to blow anything else up in the process. – Hypno Toad Mar 29 '16 at 22:57
  • You don't use a missile to kill an ant... unless it's Atom Ant! – Samuel Feb 24 '17 at 21:56