Why do I have to use sudo for almost everything?

Question

If I understand the Linux philosophy correctly, sudo should be used sparingly, and most operations should be performed as an under-privileged user. But that doesn't seem to make sense, since I'm always having to input sudo, whether I'm managing packages, editing config files, installing a program from source, or what have you. These are not even technical stuff, just anything a regular user does.

It reminds me very much of Window's UAC, which people either disable, or configure to not require a password (just a click). Furthermore, many people's Windows users are administrator accounts as well.

Also, I've seen some people display commands that require sudo privileges without sudo. Do they have their system configured in such a way that sudo is not required?

Answer 1

You mentioned these system adminstration functions

managing packages, editing config files, installing a program from source

as things that

anything a regular user does

In a typical multiuser system these are not ordinary user actions; a systems administrator would worry about this. Ordinary users (not "under privileged") can then use the system without worrying about its upkeep.

On a home system, yes, you end up having to administer the system as well as using it.

Is it really such a hardship to use sudo? Remember that if it's just your system there's no reason why you can't either pop into a root shell (sudo -s - see this post for an overview of various means of getting a root shell) and/or configure sudo not to prompt for a password.

Answer 2

Sudo/Root is used whenever you are doing something that a standard user should not have the capability of doing for risk of damaging/changing the system configuration in a way that the Administrator of the system would not normally allow.

whether I'm managing packages, editing config files, installing a program from source, or what have you.

All of those are technically admin functions, and can drastically damage your system if something incorrect is done. In a corporate environment, as a Sysadmin, they are things I would NOT let my user do without my express knowledge, hence sudo.

For example, if a package/config file could be modified without elevated privileges, then it would be extremely simple for an outside source to simply execute remote code that could break/compromise your system. By forcing those actions to require root access, it forces you as the user to make the decision on whether or not those actions take place.

It is very similar to UAC with windows, it is actually where windows got the idea for UAC.

The quote you receive the first time you use sudo is very fitting, and very important:

We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

Especially #2, Think before you type. That is an important reason sudo exists, when you type a command and it kicks back "must be root to perform this action" it forces you to stop and THINK about what you are actually doing.

Answer 3

Also, I've seen some people display commands that require sudo privileges without sudo. Do they have their system configured in such a way that sudo is not required?

You have to execute those commands as superuser, but you don't have to execute them using sudo. You could for example instead use su or doas (OpenBSDs replacement for sudo), or you could simply login as root.

So if they display their commands here without sudo than they assume that the reader will just use his favorite way of executing those commands as superuser.
It most certainly doesn't mean that they can execute those commands as a normal user.

Answer 4

One security feature offered by sudo is that you can have a system without a root password, so that root user cannot login directly. This offers additional protection for users who pick weak passwords - the attacker trying to brute-force the password (via SSH or otherwise) will have to figure a valid username first.

Another aspect is a more fine-grained privilege management. Think about make; sudo make install vs doing make; make install as root. Lots of things can go wrong during make. A badly configured tool may try to overwrite an important system file, "clean" the /lib instead of the current directory, consume all available RAM and hang the system, etc. make install is a small simple action with much less probability for a fatal error.

Answer 5

The point is that historically a system is really intended to be shared by multiple users who just log on, do some stuffs and then log off. Thus the distinction between admin and normal user. Such systems still exist in university labs and you can feel the difference sharply if you use such computers. Home PC where you are the sole user and also happens to have to act as the admin is really a much later development.

Answer 6

A computer is a tool. Let's try an analogy with another tool, let's say a frying pan. Sometimes, you have to take care of your frying pan. For example, you have to clean it with dish soap. Would you say that dish soap is a required ingredient of any recipe you use the frying pan for? You'll never see "dish soap" listed as an ingredient in cooking books. It is needed, but the preparation of the tool is another matter, so the cooking books don't mention it. The frying pan has to be cleaned, but it's not what it is made for.

It's kind of the same for your computer. It has to be configured and taken care of, but it's not what it is made for. You take care of it, you configure it, so it can work properly. Once this is done, you can use it, not as a system administrator, but as a user. That's what it's made for. When you're a user, you don't need sudo anymore. Just use the tool that you prepared beforehand. Of course, from time to time, you'll need to use root privileges, just as you have to clean your frying pan as often as you use it to cook.

So without exaggerating too much, we could say that you never need sudo (or the root password) to use your computer. Only to prepare your computer.

Answer 7

I bet it's because you use GUI software for everything except system administrative tasks, or you're talking about Linux servers, in which case most access will naturally be system administration. Therefore it might feel like doing anything at all in the shell requires sudo.

It's also possible to use the shell for your everyday tasks. Managing your personal files in ~, editing files, chatting on IRC, compiling code, browsing the web, all of that is doable in a shell. I even use bc as my go-to calculator. Some things are easier to do via a GUI, some things are easier to do via the shell - even if you prefer to use the GUI the shell will often excel in batch operations and automation (think shell scripts). Personally I use whichever is best for the task at hand.

In some cases it's a good idea to set up your system so that you don't need to use sudo every time for operations that by default require root but are unlikely to cause problems. One example is that I work with hardware which involves using serial ports, and I've set up udev rules to give access to the devices as my regular user without having to be root.

I don't think it's a good idea to configure sudo to not require a password. It makes it too easy to mess up your entire system with one mistyped command or malicious script.

If you need to do tasks that absolutely require root all the time, why not leave a persistent sudo -s root shell running in a terminal window? Then it'll be available without having to type in the password, and it isn't as easy to use accidentally. I've even set up my shell prompt to be bright red when in a root shell.

Answer 8

[...] But that doesn't seem to make sense, since I'm always having to input sudo, whether I'm managing packages, editing config files, installing a program from source, or what have you. [...]

The implied adjective related to all these is that they are system-wide or global changes. You must consider the origins of Unix as a multi-user system¹ where several users would use the same installation remotely. It wouldn't make sense for one layman user to allow to change the global settings for all users. It was the sysadmin's, the root's, privilege and responsibility.

In a multi-user setting you have the preinstalled software and their system-wide configuration under /usr and /etc respectively. Touching these locations would require root permissions. But because Unix software is written with multi-users in mind, you can compile and install software under $HOME directory², and have your own configuration files under your home, where you can edit the files freely without being a super user.

In addition to installing your own software under home, most system-wide software will read user-specific configuration from $HOME right after they first read configuration from /etc. This allows you to customize most anything without ever going root.

With a home PC, in a single main user setting, you can use sudo and root your way to things you like. But it's customary to not to touch application configuration in /etc but instead always provide user-specific config in home. That way you can allow your package manager to reset system-wide configs on upgrades. Installing new software system-wide is pretty OK in single-user setting; distro packages don't assume the alternatives so it's a easy way out.

I'll let my package manager install stuff globally but any compiled-from-sources and self-made stuff I leave under $HOME. And I don't have to sudo for any of that.

If you have data files, storage outside your $HOME, feel free to chown or chgrp the directories to your name so you can access the files without sudo.

^[1] (slightly ironical as Unix was meant to be a 'single user' version of the Multics operating system)

^[2] (if the system allows this by not mounting home partitions as noexec)

Answer 9

In the sorts of multiuser systems that UNIX (and, by descent, Linux) was designed for, these are not ordinary user actions. A system administrator might perform them, but not typical users, and so the system asks to make sure that the sysadmin actually wants to do this.

But even in single-user home systems, these are not ordinary user actions. One might typically have to do these when initially setting the system up, but once that's finished, a typical user should not have to do them very often. Most typical users just work on files inside their home directory (or subdirectories of it), using programs/packages that have already been installed, and you don't need sudo for that. Or they might work in a special directory somewhere else on the system that has been set aside for that purpose, and you need sudo to set that up, but you typically only need to do it once.

Why does that matter? Because "single-user" is a misnomer: you are not the only user of your machine, even though you might be its only human user. Even on a typical home Linux install, many programs are set up to use the machine in various ways of their own, often simulating something a human might do if they had the time and attention to spare: backups, updates, malware scanning, and the like. Most of the time, those uses are completely benign, but even for some of those, it is still prudent to make sure that the user really wants to do this. And when those cases arise, that's is what sudo is for. The computer is just checking in to make sure it's really you who wants to do what someone (maybe you, maybe a program) said you did. And that's not even getting into the possibility of malware, which you certainly don't want to masquerade as you.

Answer 10

This is probably not as common as represented but usually happens when something casual internally requires much more generic privileged system call to achieve its result, for instance:

• Unmount and carry away a USB stick. umount is a serious command as you can unmount a lot of things with it.
• Connect to the local wireless network. Nothing extraordinary, but the network configuration (ifup, etc) is for superuser only.
• Self-updating apps that refuse to run if not updated. Update = install, and this could install a lot of things, including things you do not want.

The systems generally evolve to reduce the number of such cases. USB sticks are user-mountable now and networks are user-connectable. But it was not always like this.

Answer 11

Assumption: this is your system and your data.

You just need to weight the risk of accidentally erasing data or bricking your OS vs. the ease of do stuff without typing sudo everytime.

I routinely login and work as root on my home servers because I can it is easier.

You will be told that you may launch nuclear weapons if you do not go though the sacro-saint sudo but the reality is that today people have root powers (*) on plenty of devices (your TV, your phone, your toaster, your Windows (as you mentioned)). Linux is no different here, even though many like to think otherwise.

BTW UAC was not modelled after sudo as its man role is (beside making your life miserable) to ensure that you will see when malware wants to do things on your behalf.

_{(*) root powers are defined as the capacity to nuke important data. The "with great power come great issues" (or whatever that was) adage applies.}

If my assumption is wrong then you still need to weight the risk above but there are more variables (your job, photos taken by your spouse and stored on the same laptop, ...)

Answer 12

In defense of the person that wrote the initial question, I had this same question in years past, but I took a different approach.

Most of the answers here could just be played on a loop, because they all keep stressing the same point about sudo and root. Let me add a different perspective to this topic:

The way I learned Unix AND Linux inside out was by using one of my computers as a "guinea pig." I would install SCO Linux, and eventually Solaris and then Linux much later, all the while joyfully experimenting as root so I could read and/or explore the directory hierarchy and all files with unrestrained access, also creating "normal user" accounts on my home-grown multi-user box, even though I was the only user. And I'm glad I did it that way. I learned so much about the "Unix Philosophy" and the way Unix was intended to be used by my experimenting.

I had a blast learning about security, and also running dangerous commands by typing rm -rf /* in a terminal as root. (DO NOT DO THIS! IT WILL HOSE YOUR SYSTEM!!) I did things like this and many other commands, just to see what would happen in real-time. I did these kind of things knowing the consequences before hand, yet I still learned a lot by doing so. I was using SCO Unix LONG before the web even existed (yes, I'm that old!) and experimenting this way was invaluable to my learning.

So what I'm saying is if you don't mind doing re-installations when something goes wrong, use su or login as root all you want and configure/hack away! You'll learn a hell of a lot by doing so.

Just remember that the advice that has been repeated a lot here was reiterated for a good reason: Best practice protocols have evolved over the decades as compsec has evolved, and you SHOULD pay attention to them, even as a home/single user of your system. By doing so, good sysadmin hygiene/habits will become second nature for you.

Just some food for thought on the topic of su and sudo. Happy hacking!