Friday, July 18, 2008

sudo bash > /dev/evil

Today I sat down with one of my team while he logged into a linux server to perform some administration tasks.

After ssh'ing to the machine, the first command entered was:

# sudo bash

Ouch!

Most of the time when we log into a remote server we are intending to perform admin tasks, but not every command needs to be executed as root. Executing "sudo bash" defeats the whole purpose of using sudo to begin with.

Sudo helps provide elevated privileges to multiple users of a machine. I don't want to limit the sudo rights on these machines as they are development and integration machines and many services are experimented with, configured, stopped, started, and generally played around with. I just want the team to treat root with respect.

Am I being picky about this?

What do you think?

2 comments:

kennii said...

Yeah, i agree with you. Use sudo only when that particular task requires.

Simple admin tasks ought not require root access. Well unless we're talking restarting apache, that probably needs a sudo infront.

That wasn't lawrence was it? =D

Scott said...

Hey Kennii

Actually... it was Lawrence :) To be fair most of his work on these boxes does require a fair amount of root access but that doesn't justify sudo-ing up as soon as the login prompt appears. We all perform these kinds of tasks on the servers and I almost never sudo bash.

I think it is just a bad habit and like all habits it can be hard to break. To break this habit you have to learn how to play nice with sudo.