Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update security_101.rst #281

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update security_101.rst #281

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions security_101.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,21 @@ Chroot, jails and containers

Sudo (or, "Why you should not log in as root")
==============================================
Sudo allows users to run a command or program using the security privileges of another user, this will be the superuser or root by default. As the name implies the superuser is an user at the most powerful level granting the command or programs run without restrictions. A security policy can be used to determine what priviliges a user has to run sudo. Usually a policy will require users to authenticate themselves such as entering a password.

Sudo can be used by simply placing it infront of the command you want to run. Alternatively the command 'su' can be used, this allows you to log in as another user or the root. Whereas sudo will only run one command as another user, su will run all following commands as the specified user.

So why not just make my life easy, run su at the start of my session and get rid of those peksy security restrictions?
Well there are several reasons why you shouldn't log in as root:

- **Security** - It destroys the built-in security model that has been put there to protect the underlying system from being messed with.
- **Programs** - Running an program as root gives a program freedom. Total freedom. Running a program on a standard user account will give it write access to your homefolder only. Running it as root removes these restrictions, even giving the program write access to the system files. A malicious or buggy program could decide to delete all the files it can access, and since you elevated its rights to the root it can.
- **Yourself** - Su is trap for the inexperienced linux user. You are no longer a 'mere mortal' one click, a tap on the enter button and its done. The system won't interrupt you or ask if you are sure you want to run a heavy impact command. You might be exploring some new commands and before you know it you're formatting your disks.

It's good practice to be wary of what permissions you give your commands or programs. Educate yourself before you go and give away root powers.

For more information on how to use the 'sudo' command please refer to the man page:
https://www.sudo.ws/man/1.8.15/sudo.man.html

History and Lore
================
Expand Down