# sudo vs su

## Tonglebeak

For the past 3 years (ever since I got gentoo), I've always used su. Using the livecd lately to do some grub repairs, I had to sudo the entire time which was quite annoying. What I don't understand is why sudo is popular enough to be put on a livecd? Correct me if I'm wrong, but isn't sudo _less secure_ than using su? Say someone figures out your password and logs in your account...now they can sudo all day long and gain root privileges. But if sudo wasn't present, then the "hacker" would have to figure out root's password as well to gain root privileges, making it a double-layered shield.

Of course if the script kiddy/hacker knew root's password all along then su vs sudo won't matter. I'm just saying though...

...Perhaps I'm just very uneducated about sudo, but I don't like the looks of it :\

----------

## coolsnowmen

 *Quote:*   

> I had to sudo the entire time which was quite annoying.

 

```
sudo bash
```

  :Cool: 

----------

## zyko

 *Quote:*   

> I had to sudo the entire time which was quite annoying.

 

```
sudo su -
```

----------

## danomac

From my understanding sudo can be used to limit certain commands to certain users. It is a possibility as another layer to exploit, though.

I personally don't use sudo on any machine that is internet-facing by choice, but for my desktop and LAN computers I do.

And yes,

```

$ sudo su -

```

is the way to go. It gets you a root prompt on the live CDs.

----------

## defenderBG

...

sudo is used to enable a user to execute something specific with admin priveledge. I use it for example to enable myself (as user, not as admin) to connect to the wireless. I didnt put it on auto, since I normaly use wired internet.

There is the /etc/sudoers which allows you to specify what user is capable of using sudo and in which content. For example I have this line:

orlin ALL = NOPASSWD: /sbin/connecthandy, /usr/bin/vpn, /usr/sbin/vpnc /etc/vpnc.conf

which allows me to execute connecthandy with no password. now, if I try sudo /etc/init.d/net.eth0 stop I will not be allowed. The livecd uses sudo because if you want to use su you need a password awlays, which means that the root password should be somewhat known (security risk). If you use sudo, you can allow a user to use admin privelege without knowing the password. It will take another 15 minutes to explain why this is better, but I am too lazy, just think that it takes only username + password to be able to access an account. the username is known: root, so if the password is preset, lets say "xyzyx", then you have a security problem.

If you want to login in a livecd as root you can simply do "sudo su".

ps: to use sudo your use have to be part of the sudoers group.

----------

## danomac

 *defenderBG wrote:*   

> ...
> 
> sudo is used to enable a user to execute something specific with admin priveledge. I use it for example to enable myself (as user, not as admin) to connect to the wireless. I didnt put it on auto, since I normaly use wired internet.
> 
> There is the /etc/sudoers which allows you to specify what user is capable of using sudo and in which content. For example I have this line:
> ...

 

I wasn't very clear, but this is what I meant. There have been exploits in the past to get around sudo's authentication though. For that reason I don't put it on critical machines.

----------

## defenderBG

when i read the thread your post was not there. look at the time, i wrote 5 minutes later and my last post took me somewhat more than 5min.

Anyway, I still would have written a longer post in order to explain why it is used.

I am interested in what those exploits might be, can you give me a link?

----------

## danomac

If you google sudo exploit you'll get several articles. Some are old (2001-ish), but there was some last year that I remember about.

Because of this, I (and others) don't trust it on production servers. This is what I mean by a different layer of attack.

----------

## defenderBG

every program, especially those, that might execute something in su mode, are a potential security risk and should be only then installed, when there is no other way around. this is one of the golden rules for a production service, so indeed sudo, which is more a convinience program, should not be a part of a production server. Yet for a personal computer, where the situation is clearly different (no multiusers, no ssh, etc) the risk is not that great. Or at least it is not shown in the top 20 answers by google.

----------

## timeBandit

While exploits should not be dismissed lightly, sudo does have an advantage over su that can be quite useful: commands are logged. 

Of course logs can be altered but in many cases, admins are more interested in (or at least, more often handle) accidental than malicious damage. The ability to censure the poor schlub who accidentally breaks a vital service gives all such schlubs great incentive to be more careful.

----------

## mv

 *Tonglebeak wrote:*   

> Correct me if I'm wrong, but isn't sudo _less secure_ than using su?

 

No, quite the opposite. sudo just is more configurable. You can make it behave exactly the same way as su (i.e. requiring root password and asking it every time). In addition, you can specify which environment settings should/shouldn't be cleaned (IIRC, su keeps all unless you use su -).

Of course, sudo might have internal bugs but so might have su as well. The risk for internal bugs is always there, but meanwhile both programs exist long enough and have been checked by enough security specialists that it appears unlikely that they allow exploits which have not been found yet (at least, if you use a sane /etc/sudoers).

----------

## Shagbag

I'd thought I'd post here rather than start a new thread.

If I remove user 'shagbag' from the wheel group and configure /etc/sudoers as such:

Defaults  rootpw

shagbag  ALL=(ALL)  ALL

Is there any practical advantage over just letting shagbag be a member of wheel, other than logging each and every command executed by sudo?

I know how easily shagbag can change /etc/sudoers (and /etc/group) with the above configuration, but I can't think of one practical advantage over logging non-malicious/accidental mistaken use of sudo.

Maybe someone has thought about it more deeply and can enlighten me.

----------

