382
sudo su -
(reddthat.com)
Shit meme, I know.
this incident will be reported
sudo -i
run0
Not a shit meme at all ! In fact, I want to convert that to ASCII art and have it as the MOTD when I sudo -i or console in as root.
"I am brute" takes over your linux
Why would you sudo su? That defeats the purpose of sudo.
I use sudo su 'cause I can type it quicker than sudo -i
Why use the - i?
I just sudo [command].
-i asks for an interactive session
I use sudo su because running su with no options also gets you an interactive session without having to type anything but letters and a space
Both of these are for when you want a session as root which is nearly never necessary, but sometimes it's more convenient that a set of commands preceded by sudo
I figured out that it just drops you into a root shell, which is a bad thing.
You should try to never login as root. It's just bad security hygiene.
I run sudo apt update, put in my password, thenonce my repos are updated, I run sudo apt upgrade. Password only has to be input once, unless I get busy and forget to do the upgrade command, in which case I haven't left a root shell unattended for however long it took me to realize that I left the shell open.
That way if someone else comes along and tries to do stuff, they only have the limited privilege level that my user does.
It even gets worse - I keep screen sessions open with one screen running root
Security and convenience balance, and if something has compromised my sudoer account they have root anyway
if something has compromised my sudoer account they have root anyway
So instead of making the thief break a window, you would rather just leave the door open?
If I ever need to switch to the root user, I usually type su, but I saw someone use sudo su - in a video, which I thought was pretty strange but maybe the video creator knew something I didn't, or it wasn't possible to simply su a few years ago.
You get tired of playing Simon Says when you're doing a lot of admin stuff at once.
If you do multiple admin commands, sudo doesn't prompt for your password. There's some time limit before having to re input it.
Logging in as root is bad security hygiene. You'll become complacent and leave it logged in at some point. That's how you get pwnd.
I want to know more. Looking past running full desktop sessions as root and inputting stupid commands when sudo su, what's the problem with having a terminal window open and escalated to root?
There's some time limit before having to re input it.
Inputting a password multiple times into sudo has downsides too. Larger window for attackers to do something like: add a directory to your path, which has a fake sudo in it, and capture your password.
Depends how it's configured
Well then still sudo -s would suffice, no?
Have you heard of su?
Having a password for root is Ill advised.
Maybe I'm a bit ignorant, but would it make much of a difference? Whether I authenticate with my own account to get root permissions or directly with root, I still have a string of characters which I use to get root priveleges on my machine. For a single (physical) user machine, that allows me to use a separate password for root. Should be better than using the same one twice, right?
If root has a password, it's only one password; everyone who has root access knows the password, which means that anyone can share it with no accountability. If privilege escalation rights are granted instead, it's easy to see who did what, as well as to contain any kind of compromise (by revoking said rights).
Also, I think you originally referred to su but sudo allows much more granular control.
So, we are clearly talking about different environments here. Of course I would not have a password for root in an enterprize setting where you have a lot of different people managing one machine. But for your regular desktop computer with one user, it just complicates things needlessly without providing any benefits.
Your home network is certainly less of a security risk due to both being a smaller target and (usually) needing to have fewer services available or ports open, so I would agree with you it's acceptable for security to be more lax. Personally, I don't find sudo to be less convenient than su; it's even saved me from thoughtlessly running a dangerous command a time or two. Also, I try to keep my home network setup close to my work network until doing so gets in the way. If nothing else, this prevents me from getting used to a different way of doing things.
However, it's your network. If you find that your way works better for you, by all means, configure your system in whatever way seems best to you!
How did we arrive at networking? I feel like we are on two completely different pages.
I was talking about your regular end user machines, what we usually call "desktop computers". They are connected to the internet, but I don't have any way to remotely login into those. And I have a single person per computer. There is no need to disable root passwords on these, seeing that Larry executed a command as root won't provide any insight, I know that Larry is the only person who uses the machine. And it can complicate things in a sense that if Larry fatfingers his password three times and gets locked out, I'll have to get into his filesystem somehow and remove tallies manually instead of just logging in as root and doing faillock --reset.
Sorry if I was unclear; what you're saying is kind of my point. A computer without networking can still have risks, but they're a lot lower. The standards of security can change with conditions. If you have a computer on an enterprise network, it should be very secure; if on your home network, more cavalier standards can make sense. If you have a computer without any networking whatsoever, being compromised is not impossible, but it's much less likely unless you're storing something quite extraordinary on the system. That's why I referenced networks while talking about the configured security of an individual system. In general, I believe I was broadly agreeing with you.
Yes I have, also it's in the original image. I was strictly talking about sudo usage
this post was submitted on 07 Jun 2025
382 points (100.0% liked)
linuxmemes
25594 readers
941 users here now
Hint: :q!
Sister communities:
Community rules (click to expand)
1. Follow the site-wide rules
- Instance-wide TOS: https://legal.lemmy.world/tos/
- Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html
2. Be civil
- Understand the difference between a joke and an insult.
- Do not harrass or attack users for any reason. This includes using blanket terms, like "every user of thing".
- Don't get baited into back-and-forth insults. We are not animals.
- Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
- Bigotry will not be tolerated.
3. Post Linux-related content
- Including Unix and BSD.
- Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of
sudoin Windows. - No porn, no politics, no trolling or ragebaiting.
4. No recent reposts
- Everybody uses Arch btw, can't quit Vim, <loves/tolerates/hates> systemd, and wants to interject for a moment. You can stop now.
5. ๐ฌ๐ง Language/ัะทัะบ/Sprache
- This is primarily an English-speaking community. ๐ฌ๐ง๐ฆ๐บ๐บ๐ธ
- Comments written in other languages are allowed.
- The substance of a post should be comprehensible for people who only speak English.
- Titles and post bodies written in other languages will be allowed, but only as long as the above rule is observed.
6. (NEW!) Regarding public figures
We all have our opinions, and certain public figures can be divisive. Keep in mind that this is a community for memes and light-hearted fun, not for airing grievances or leveling accusations. - Keep discussions polite and free of disparagement.
- We are never in possession of all of the facts. Defamatory comments will not be tolerated.
- Discussions that get too heated will be locked and offending comments removed. ย
Please report posts and comments that break these rules!
Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't remove France.
founded 2 years ago
MODERATORS