su is the best. I mean, i should be using the admin (root) password for admin things, not the user password of user who is already logged in. And there needs to be a root service already running to make user have root previlages which is dumb imo. Sudo vulnerability could cause previlage escalation but if there is no root process managing this, then it can’t leak the root access. Only kernel security issue(or other root processes) will leak root access if that was the case, which i think is better.
The permission to do admin things is given by the root user, to your account. So you have to verify your identity by entering your password.
Isn’t that how it is? I though that was analogous to how almost everything worked IRL. Whether withdrawing funds from a bank or engaging government services, you prove your identity as a customer/citizen to get the relevant services. At no point do you login to bank or government computers with full privileges.
If you own your own bank, then i think you login as the one with full previlages. Yes when doing administrator things, you have to use sudo. The problem with root with sudo is, you authenticate as a user, then gain full permission from root, i.e analogous to login in to bank with full previlages.
As a person who need to run sudo command its better to just verify yourself as root user to gain “full access”. I’m not saying about partial previlages. That is i just need a script which is just su -c with environment variables being copied
su is the best. I mean, i should be using the admin (root) password for admin things, not the user password of user who is already logged in. And there needs to be a root service already running to make user have root previlages which is dumb imo. Sudo vulnerability could cause previlage escalation but if there is no root process managing this, then it can’t leak the root access. Only kernel security issue(or other root processes) will leak root access if that was the case, which i think is better.
Completely agree with this take. There are dozens of us!
The permission to do admin things is given by the root user, to your account. So you have to verify your identity by entering your password.
Isn’t that how it is? I though that was analogous to how almost everything worked IRL. Whether withdrawing funds from a bank or engaging government services, you prove your identity as a customer/citizen to get the relevant services. At no point do you login to bank or government computers with full privileges.
If you own your own bank, then i think you login as the one with full previlages. Yes when doing administrator things, you have to use sudo. The problem with root with sudo is, you authenticate as a user, then gain full permission from root, i.e analogous to login in to bank with full previlages.
As a person who need to run
sudo command
its better to just verify yourself as root user to gain “full access”. I’m not saying about partial previlages. That is i just need a script which is just su -c with environment variables being copiedI see where you’re coming from, but in enterprise environments, you have admin accounts and root login is disabled for security purposes.
Sure. Sudo is a super useful tool in such places. The problem I have is that it is stuffed into the desktop