Using sudo is a good idea that has been around for decades, but it’s only in the
last few years that it’s caught on as an alternative to logging in as root. Using
sudo is such an improvement that some Linux distributions, such as Amazon’s
Linux-based VMs, have made it compulsory. Working with AWS has reminded me of the importance of sudo — and knowing when and
how to use it.

Logging in as root is easier and quicker. Why use sudo?

The root account is an explosive

The Linux system treats everything like a file. You can make a
file, stick things in it, and delete it. It’s pretty straightforward. The Linux
security system is also pretty straightforward — if you own the file, you can
do what you like to it. If you want someone else to do things to the file, you
can give them permission to read it, write in it, or even run it (if it is a
program).

There’s one person that operates above the law of the security
system — the root user. The master administrator. The super-user. It’s a
privileged account — the root user is the only one allowed to do many useful
things, like start a web server, reset a forgotten password, and install
security patches.

Anyone can use the root user’s account, if they know the
password. If you can log in as root, you can ride roughshod over everyone
else’s files. It’s dangerous, but not so much because bad guys will abuse the
privilege to spy on users, launch attacks on other systems, and steal data. The
big problem with using the root account is that you are only one unfortunate command
away from disaster. The longer you work as root, the closer you get to
accidentally blowing a big hole in your operating system.

sudo is a stabilizer

The sudo command lets you use the root account to run a
command. You can still do the system magic, but you are not permanently playing
with the explosive power of root.

Not logging in as root — like not mixing spots and stripes,
not smoking, and not walking around with a gun down your trousers — is a good
idea because it lessens the chance of unpleasant consequences. There is less
chance of accidentally stopping a customer service, unmounting critical data,
or deleting all the commands.

sudo brings its own set of annoyances

The trouble with sudo is you have to remember to stick it in
front of the command you run. Everyone forgets to use sudo from time to time.
Sometimes the mistake of forgetting sudo is harmless. You are forbidden from
doing your work, but that’s all.

[ec2-user@ip-10-167-15-124 ~]$ yum install httpd
Loaded plugins: priorities, security, update-motd, upgrade-helper

You need to be root to
perform this command.

[ec2-user@ip-10-167-15-124 ~]$

Sometimes forgetting sudo is disturbing but still harmless.

[ec2-user@ip-10-167-15-124 ~]$ service httpd status

httpd dead but subsys locked

[ec2-user@ip-10-167-15-124 ~]$

What? HTTPD (the web server) is dead? What about my customer
service? And what on earth is subsys?
Try it again with sudo and a more reassuring message appears.

[ec2-user@ip-10-167-15-124 ~]$ sudo service httpd status

httpd (pid 1409) is running…

[ec2-user@ip-10-167-15-124 ~]$

sudo su –

A sysadmin often types in many commands that all need root
privileges. It’s tempting to just log in as root and do the work. If you are
really intent on using the root account, sudo can arrange that.

[ec2-user@ip-10-167-15-124 ~]$ sudo su –

[root@ip-10-167-15-124 ~]#

The prompt changes to remind you that the system will let you
do anything you want. Do you know what gets blown away by this command?

rm –rf /

If you just shuddered from the bad memories of that awful day,
go ahead and use the root account. Once bitten, twice shy.

Use sudo. And don’t blow stuff up.