
The sudo fraud - ilyash
https://ilya-sher.org/2016/06/08/the-sudo-fraud/
======
advisedwang
Even with unlimited, no-password required sudo, it provides a valuable
addition: audit logging.

Every command you run with sudo is logged, along with the user that ran it. On
GCP each end user is provisioned a separate login user, and logs can be
shipped to Stackdriver Logging where they cannot be modified. This makes
access really verifiable.

~~~
sliken
Seems silly. Why create a pain in the ass for every command, instead of
enabling auditing? Of course you should log which ssh credential started the
session.

~~~
dllthomas
I don't disagree with your thesis here, but "for every command" is
substantially overstating the case.

------
organman91
There's one very good reason to use sudo instead of being in a root shell:
audit trails. sudo logs its invocations. While you could always see who is
becoming root, you'd have to look through root's shell history to see what's
happening (which isn't hard to purge - one of the many reasons a remote syslog
server may be called for).
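
An added example (not part of the original comment, and not code from the linked post): a small Python parser for the records sudo writes to syslog. It shows what the audit trail captures and where it stops, since by default a root shell started through sudo is a single record and what is typed inside it is not logged by sudo. The log lines are constructed, and the traditional syslog timestamp layout is an assumption.

```python
import re

# Constructed sample lines in the format sudo writes to syslog (not from the thread).
SAMPLE_LOG = """\
Jun  8 10:15:01 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Jun  8 10:16:40 web1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Jun  8 10:17:02 web1 sshd[811]: Accepted publickey for carol from 192.0.2.10 port 50514 ssh2
Jun  8 10:18:13 web1 sudo:    carol : TTY=pts/2 ; PWD=/srv ; USER=postgres ; COMMAND=/usr/bin/psql -c select 1
Jun  8 10:19:55 web1 sudo:      dan : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/dan ; USER=root ; COMMAND=/usr/bin/id
"""

# "<timestamp> <host> sudo: <invoking user> : <fields separated by ' ; '>"
SUDO_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sudo(?:\[\d+\])?:"
    r"\s+(?P<user>\S+) : (?P<rest>.*)$")
SHELLS = {"sh", "bash", "zsh", "dash", "ksh", "fish", "su"}

def parse_sudo_line(line):
    """Return a dict for a sudo command record, or None for any other line."""
    m = SUDO_LINE.match(line)
    if m is None:
        return None
    # COMMAND= is always last and may itself contain " ; ", so split it off first.
    head, sep, command = m["rest"].partition("COMMAND=")
    if not sep:
        return None
    rec = {"time": m["ts"], "host": m["host"], "invoker": m["user"],
           "command": command, "runas": None, "denied": None}
    for field in head.split(" ; "):
        key, eq, value = field.strip().partition("=")
        if eq and key == "USER":
            rec["runas"] = value          # target user the command ran as
        elif not eq and key:
            rec["denied"] = key           # e.g. "user NOT in sudoers"
    return rec

def starts_shell(rec):
    """True when the record is an interactive shell, i.e. the last thing sudo logs."""
    argv = rec["command"].split()
    if not argv or "-c" in argv[1:]:      # "sh -c <cmd>" still records the command
        return False
    return argv[0].rsplit("/", 1)[-1].lstrip("-") in SHELLS

def audit(log_text):
    """Split sudo records into (logged commands, shells where the trail ends, denials)."""
    commands, shells, denied = [], [], []
    for rec in filter(None, map(parse_sudo_line, log_text.splitlines())):
        bucket = denied if rec["denied"] else shells if starts_shell(rec) else commands
        bucket.append(rec)
    return commands, shells, denied

if __name__ == "__main__":
    print([[r["invoker"] for r in group] for group in audit(SAMPLE_LOG)])
```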

~~~
sliken
Why not enable auditing?

~~~
brainfire
Why enable auditing when you already get the information you want with your
current setup?

~~~
sliken
Because sudo only works when you sudo, it's just one more thing to
type/mistype. Do you really want to pay your sysadmin to sometimes run sudo
and sometimes have logging? Or would you rather automate it and get 100%
logging?

~~~
brainfire
Who's implementing it and why would it cost me less than paying a sysadmin to
use sudo?

------
dllthomas
> Is it really simpler for you to type sudo all the time rather than having
> one terminal tab open with a root shell?

Yeesh. Privileged work I do is typically interleaved with commands that do not
need to be privileged. Actual security considerations aside, I would rather
have the guard rails afforded me by a normal user account for things that
don't have some specific reason to be privileged.

------
AstralStorm
Technically, the main point for sudo is allowing non-root users access to a
limited set of commands. That said, if you needed this, you should be using an
actual MAC system.

~~~
creshal
sudo predates most (all?) Unix MAC solutions. Nowadays, PolKit can do most of
its job in a more fine-grained way.

~~~
marios
I still prefer sudo to PolKit. The syntax used in the sudo configuration file
is quite error prone (which is why it is recommended to use visudo, as a way
to not lock yourself out due to an invalid configuration), I still prefer that
to PolKit's XML .policy files. Recent versions can use JavaScript instead, but
as far as I am concerned, it's equally bad.

------
jessaustin
The argument-via-AWS probably indicts _sudo_, but it threatens in addition to
indict any sort of command line access to production hosts. Why are you fixing
your server with a typed command? Why not just kill it and spin up another?

------
mh-cx
On my servers I often use “sudo -s” in a separate tmux window. I've changed my
PS1 to give me a red prompt for root. Over the years I never had a situation
where I accidentally did something stupid as root.

~~~
eridal
It is so good to have visual clues. I do something similar, using..

    red = root
    yellow = others (or ssh)
    green = me

Plus when I'm SSH'ing to a remote box, it usually defaults to white prompt

------
apeacox
The only thing I agreed with was: "If you manage a server, use root". sudo is a
good way to let unprivileged users execute a restricted set of commands,
it's easy to learn and set up.

------
ilyash
===8<== Update 2016-07-09 05:58 UTC

Just to be clear: Please note it’s filed under the “Rant” category. The post
has some valid points but don’t take it too seriously. Use your best judgment
to decide which parts of the above apply to your situation. ===8<===

------
er0k
This seems relevant:
[http://www.garyshood.com/root/](http://www.garyshood.com/root/)

