Sudo what?

“Becoming root”, without first turning into a plant is not the only option to have these extra permissions temporarily. Some systems, such as the oh-so-popular Ubuntu have the root account disabled by default (it does not have a password so you cannot use it). Instead, the user has the right to execute the sudo command. With sudo, the user will only need to use their own password, and they can perform administrative tasks from their own user account.

The logic behind this is increased security: sudo is less powerful than root, and it can be further fine-tuned, a seasoned system administrator can control what sudo can or cannot access. not having a working root account is one less possible way to exploit a system (one less headache for an admin).

In Debian he user does not have the right to use sudo by default, you are encouraged to use su instead, as the standard “Debian way”.

While it sounds like a sane solution, and probably even makes more sense from the average user’s point of view, using sudo has another drawback: if the user’s account (and more precisely the user’s password) gets compromised, the system is compromised, because the same password can be used to modify the system. This is especially important if you consider that most “hacks” are not done through “breaking” system passwords, but by obtaining these passwords through various methods of social engineering. If a crafty hacker (who is definitely an excellent social engineer) gets hold of a user’s login details, he can access all other users and all system data through using sudo. Probably Debian knows what they are doing after all, especially for servers

Naturally, home users will be less affected by hacking attempts, and the convenience of one password to rule them all will make it a good idea to enable sudo for your user account. Never mind the Eye of Sauron…

The following short comic strip explains the power of sudo: