Real sysadmins don't sudo

A few months ago, I read a very interesting article that contained some good information about a Linux feature that I wanted to learn more about. I won’t tell you the name of the article, what it was about, or even the web site on which I read it, but the article just made me shudder.

The reason I found this article so cringe-worthy is that it prefaced every command with the sudo command. The issue I have with this is that the article is allegedly for sysadmins, and real sysadmins don’t use sudo in front of every command they issue. To do so is a gross misuse of the sudo command. I have written about this type of misuse in my book, “The Linux Philosophy for SysAdmins.” The following is an excerpt from Chapter 19 of that book.

In this article, we explore why and how the sudo tool is being misused and how to bypass the configuration that forces one to use sudo instead of working directly as root.

sudo or not sudo

Part of being a system administrator and using your favorite tools is to use the tools we have correctly and to have them available without any restrictions. In this case, I find that the sudo command is used in a manner for which it was never intended. I have a particular dislike for how the sudo facility is being used in some distributions, especially because it is employed to limit and restrict access by people doing the work of system administration to the tools they need to perform their duties.

“[SysAdmins] don’t use sudo.”
– Paul Venezia

Venezia explains in his InfoWorld article that sudo is used as a crutch for sysadmins. He does not spend a lot of time defending this position or explaining it. He just states this as a fact. And I agree with him – for sysadmins. We don’t need the training wheels in order to do our jobs. In fact, they get in the way.

Some distros, such as Ubuntu, use the sudo command in a manner that is intended to make the use of commands that require elevated (root) privileges a little more difficult. In these distros, it is not possible to login directly as the root user so the sudo command is used to allow non-root users temporary access to root privileges. This is supposed to make the user a little more careful about issuing commands that need elevated privileges such as adding and deleting users, deleting files that don’t belong to them, installing new software, and generally all of the tasks that are required to administer a modern Linux host. Forcing sysadmins to use the sudo command as a preface to other commands is supposed to make working with Linux safer.

Using sudo in the manner it is by these distros is, in my opinion, a horrible and ineffective attempt to provide novice sysadmins with a false sense of security. It is completely ineffective at providing any level of protection. I can issue commands that are just as incorrect or damaging using sudo as I can when not using it. The distros that use sudo to anesthetize the sense of fear that we might issue an incorrect command are doing sysadmins a great disservice. There is no limit or restriction imposed by these distros on the commands that one might use with the sudo facility. There is no attempt to actually limit the damage that might be done by actually protecting the system from the users and the possibility that they might do something harmful – nor should there be.

So let’s be clear about this—these distributions expect the user to perform all of the tasks of system administration. They lull the users—who are really System Administrators—into thinking that they are somehow protected from the effects of doing anything bad because they must take this restrictive extra step to enter their own password in order to run the commands.

Bypass sudo

Distributions that work like this usually lock the password for the root user (Ubuntu is one of these distros). This way no one can login as root and start working unencumbered. Let’s look at how this works and then how to bypass it.

Let me stipulate the setup here so that you can reproduce it if you wish. As an example, I installed Ubuntu 16.04 LTS1 in a VM using VirtualBox. During the installation, I created a non-root user, student, with a simple password for this experiment.

Login as the user student and open a terminal session. Let’s look at the entry for root in the /etc/shadow file, which is where the encrypted passwords are stored.

student@machine1:~$ cat /etc/shadow
cat: /etc/shadow: Permission denied

Permission is denied so we cannot look at the /etc/shadow file. This is common to all distributions so that non-privileged users cannot see and access the encrypted passwords. That access would make it possible to use common hacking tools to crack those passwords so it is insecure to allow that.

Now let’s try to su – to root.

student@machine1:~$ su -
Password:
su: Authentication failure

This attempt to use the su command to elevate our user to root privilege fails because the root account has no password and is locked out. Let’s use sudo to look at the /etc/shadow file.

student@machine1:~$ sudo cat /etc/shadow
[sudo] password for student: <enter the user password>
root:!:17595:0:99999:7:::
<snip>
student:$6$tUB/y2dt$A5ML1UEdcL4tsGMiq3KOwfMkbtk3WecMroKN/:17597:0:99999:7:::
<snip>

I have truncated the results to only show the entry for the root and student users. I have also shortened the encrypted password so that the entry will fit on a single line. The fields are separated by colons (:) and the second field is the password. Notice that the password field for root is a “bang,” known to the rest of the world as an exclamation point (!). This indicates that the account is locked and that it cannot be used.

Now, all we need to do to use the root account as proper sysadmins is to set up a password for the root account.

student@machine1:~$ sudo su -
[sudo] password for student: <Enter password for student>
root@machine1:~# passwd root
Enter new UNIX password: <Enter new root password>
Retype new UNIX password: <Re-enter new root password>
passwd: password updated successfully
root@machine1:~#

Now we can login directly on a console as root or su – directly to root instead of having to use sudo for each command. Of course, we could just use sudo su – every time we want to login as root – but why bother?

Please do not misunderstand me. Distributions like Ubuntu and their up- and down-stream relatives are perfectly fine and I have used several of them over the years. When using Ubuntu and related distros, one of the first things I do is set a root password so that I can login directly as root.

Valid uses for sudo

The sudo facility does have its uses. The real intent of sudo is to enable the root user to delegate to one or two non-root users, access to one or two specific privileged commands that they need on a regular basis. The reasoning behind this is that of the lazy sysadmin; allowing the users access to a command or two that requires elevated privileges and that they use constantly, many times per day, saves the SysAdmin a lot of requests from the users and eliminates the wait time that the users would otherwise experience. But most non-root users should never have full root access, just to the few commands that they need.

I sometimes need non-root users to run programs that require root privileges. In cases like this, I set up one or two non-root users and authorize them to run that single command. The sudo facility also keeps a log of the user ID of each user that uses it. This might enable me to track down who made an error. That’s all it does; it is not a magical protector.

The sudo facility was never intended to be used as a gateway for commands issued by a sysadmin. It cannot check the validity of the command. It does not check to see if the user is doing something stupid. It does not make the system safe from users who have access to all of the commands on the system even if it is through a gateway that forces them to say “please” – That was never its intended purpose.

“Unix never says please.”
– Rob Pike

This quote about Unix is just as true about Linux as it is about Unix. We sysadmins login as root when we need to do work as root and we log out of our root sessions when we are done. Some days we stay logged in as root all day long but we always work as root when we need to. We never use sudo because it forces us to type more than necessary in order to run the commands we need to do our jobs. Neither Unix nor Linux asks us if we really want to do something, that is, it does not say "Please verify that you want to do this."

Yes, I dislike the way some distros use the sudo command. Next time I will explore some valid use cases for sudo and how to configure it for these cases.

[ Want to test your sysadmin skills? Take a skills assessment today. ]