Even with unlimited, no-password required sudo, it provides a valuable addition: audit logging.
Every command you run with sudo is logged, along with the user that ran it. On GCP each end user is provisioned a separate login user, and logs can be shipped to Stackdriver Logging where they cannot be modified. This makes access really verifiable.
Seems silly. Why create a pain in the ass for every command, instead of enabling auditing? Of course you should log which ssh credential started the session.
Disclaimer: I have no idea about Linux auditing. If you 'sudo -s' (or one of its friends), does the log still record the commands done in the "root shell"?
There's one very good reason to use sudo instead of being in a root shell: audit trails. sudo logs its invocations. While you could always see who is becoming root, you'd have to look through root's shell history to see what's happening (which isn't hard to purge - one of the many reasons a remote syslog server may be called for).
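Added example (not from the thread): a small Python check over constructed auth.log-style sudo entries that makes the point above concrete. sudo writes one line per invocation, so `sudo -s` or `sudo su` is recorded only as the launch of a shell; the commands typed inside that shell leave no sudo entry unless session recording (`log_output`) is enabled, which is why an audit review should flag those entries. Host names, user names and timestamps are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the syslog format sudo uses on Debian/Ubuntu
# (/var/log/auth.log). Host, user and timestamp values are made up.
SAMPLE_LOG = """\
Mar  3 14:22:10 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar  3 14:25:41 web1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar  3 14:26:02 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/tail -n 50 /var/log/nginx/error.log
Mar  3 14:31:17 web1 sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/su -
Mar  3 14:32:00 web1 sshd[2210]: Accepted publickey for bob from 10.0.0.5 port 50122 ssh2
"""

SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)

# Programs that hand the caller an interactive shell. sudo logs only this one
# invocation, so everything typed afterwards produces no further sudo entry.
SHELL_PROGRAMS = {"bash", "sh", "dash", "zsh", "ksh", "fish", "su", "login"}

def parse_sudo_lines(text):
    """Return a dict per sudo COMMAND line; non-sudo lines (e.g. sshd) are skipped."""
    events = []
    for line in text.splitlines():
        m = SUDO_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events

def is_shell_escape(cmd):
    """True when the logged command starts a shell (sudo -s, sudo su, sudo bash ...)."""
    parts = cmd.split()
    if not parts:
        return False
    prog = parts[0].rsplit("/", 1)[-1]   # basename of the executed program
    return prog in SHELL_PROGRAMS

def audit_report(text):
    """Per-user invocation counts plus the entries after which sudo's trail goes dark."""
    events = parse_sudo_lines(text)
    per_user = Counter(e["user"] for e in events)
    escapes = [e for e in events if is_shell_escape(e["cmd"])]
    return {"per_user": dict(per_user), "shell_escapes": escapes}

if __name__ == "__main__":
    report = audit_report(SAMPLE_LOG)
    print(report["per_user"])
    for e in report["shell_escapes"]:
        print(f"{e['ts']} {e['user']} -> {e['cmd']}  (no per-command sudo log after this point)")
```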
> Is it really simpler for you to type sudo all the time rather than having one terminal tab open with a root shell?
Yeesh. Privileged work I do is typically interleaved with commands that do not need to be privileged. Actual security considerations aside, I would rather have the guard rails afforded me by a normal user account for things that don't have some specific reason to be privileged.
Technically, the main point for sudo is allowing non-root users access to a limited set of commands. That said, if you needed this, you should be using an actual MAC system.
The argument-via-AWS probably indicts sudo, but it threatens in addition to indict any sort of command line access to production hosts. Why are you fixing your server with a typed command? Why not just kill it and spin up another?
On my servers I often use "sudo -s" in a separate tmux window. I've changed my PS1 to give me a red prompt for root. Over the years I never had a situation where I accidentally did something stupid as root.
The only thing I agreed with was: "If you manage a server, use root". sudo is a good way to let unprivileged users execute a restricted set of commands; it's easy to learn and set up.
Just to be clear: Please note it’s filed under the “Rant” category. The post has some valid points but don’t take it too seriously. Use your best judgment to decide which parts of the above apply to your situation.