Don’t be disco, use sudo

Interesting comment from Ken Mayer on my post about root passwords:

No one should ever use “root” for anything except single-user mode emergencies and initial configuration. Make it a long string of random characters and store it in a safe or encrypted on a secure hard drive. Make it unique for every box. Then forget about it.

I didn’t frame my post very clearly at all. In some organisations, it’s appropriate for people to know root passwords. Most of the time, you shouldn’t use them. You should use sudo. Why?

Sudo is your best friend.

Sudo allows you to grant access to ordinary users, without having hand out passwords. Passwords are a good start for establishing identity (authentication), but not so good for controlling access to shared resources (like the root account of your server). Something is only a secret if one person knows it. If two people know it, there’s no secret. Three, and your mom knows.

Using sudo to allow your systems administrators or otherwise anointed people to gain access to the root prompt (or even better, just run the commands they need to) means that they each keep their own secret – their own password, which they use to inform the sudo command that they are who they say they are.

I’ve been using sudo since I first compiled it in 1999. I don’t even remember the root password of my main server. I’ve also broken the config badly enough that I have locked myself out of some systems, so I don’t recommend this strategy.

Sudo is now built into Linux, and Mac OS X. Sun distribute it for Solaris, but not in the default install. Solaris ships with RBAC, which is their own very fine grained version of sudo. Sorry, Windows users. You don’t have much more than ‘Run As’, as far as I know.

So if you’re using still using the root password every day, you’re being a little Disco. Sudo was written in 1980. But it’s time is now.


3 thoughts on “Don’t be disco, use sudo

  1. Andy Palmer says:

    You should always be able to recover your config with local access and a live cd 🙂

    Had to do that once or twice :-/

    Obviously a bit of a bummer for remote sites (need a local friend with a live cd 🙂 )

  2. Banos says:

    There’s always the Administrators group under Windows. Of course ssh is also a very powerful way of keeping the password secrets.

    Watch sudo as far as environment goes, home is by default not modified by sudo.

  3. @andy: password recovery can be straightforward. In the datacentre where you need to beg some security guard to let you in, it can be a royal PITA 🙂

    @banos: I spent some time doing Windows security management last year, weeding out group memberships. I thought it was odd that there was no easy way to elevate the privileges of your current login session. Just found this, though 🙂

    http://sourceforge.net/projects/sudowin

Comments are closed.

%d bloggers like this: