• @[email protected]
    link
    fedilink
    English
    96 months ago

    su is the best. I mean, i should be using the admin (root) password for admin things, not the user password of user who is already logged in. And there needs to be a root service already running to make user have root previlages which is dumb imo. Sudo vulnerability could cause previlage escalation but if there is no root process managing this, then it can’t leak the root access. Only kernel security issue(or other root processes) will leak root access if that was the case, which i think is better.

    • @steeznson
      link
      46 months ago

      Completely agree with this take. There are dozens of us!

    • @[email protected]
      link
      fedilink
      4
      edit-2
      6 months ago

      The permission to do admin things is given by the root user, to your account. So you have to verify your identity by entering your password.

      Isn’t that how it is? I though that was analogous to how almost everything worked IRL. Whether withdrawing funds from a bank or engaging government services, you prove your identity as a customer/citizen to get the relevant services. At no point do you login to bank or government computers with full privileges.

      • @[email protected]
        link
        fedilink
        English
        26 months ago

        If you own your own bank, then i think you login as the one with full previlages. Yes when doing administrator things, you have to use sudo. The problem with root with sudo is, you authenticate as a user, then gain full permission from root, i.e analogous to login in to bank with full previlages.

        As a person who need to run sudo command its better to just verify yourself as root user to gain “full access”. I’m not saying about partial previlages. That is i just need a script which is just su -c with environment variables being copied

        • @[email protected]
          link
          fedilink
          15 months ago

          I see where you’re coming from, but in enterprise environments, you have admin accounts and root login is disabled for security purposes.

          • @[email protected]
            link
            fedilink
            English
            15 months ago

            Sure. Sudo is a super useful tool in such places. The problem I have is that it is stuffed into the desktop