• mexicancartel@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    0
    ·
    4 months ago

    su is the best. I mean, i should be using the admin (root) password for admin things, not the user password of user who is already logged in. And there needs to be a root service already running to make user have root previlages which is dumb imo. Sudo vulnerability could cause previlage escalation but if there is no root process managing this, then it can’t leak the root access. Only kernel security issue(or other root processes) will leak root access if that was the case, which i think is better.

    • Cryxtalix@programming.dev
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      4 months ago

      The permission to do admin things is given by the root user, to your account. So you have to verify your identity by entering your password.

      Isn’t that how it is? I though that was analogous to how almost everything worked IRL. Whether withdrawing funds from a bank or engaging government services, you prove your identity as a customer/citizen to get the relevant services. At no point do you login to bank or government computers with full privileges.

      • mexicancartel@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        0
        ·
        4 months ago

        If you own your own bank, then i think you login as the one with full previlages. Yes when doing administrator things, you have to use sudo. The problem with root with sudo is, you authenticate as a user, then gain full permission from root, i.e analogous to login in to bank with full previlages.

        As a person who need to run sudo command its better to just verify yourself as root user to gain “full access”. I’m not saying about partial previlages. That is i just need a script which is just su -c with environment variables being copied

        • theshatterstone54@feddit.uk
          link
          fedilink
          arrow-up
          0
          ·
          4 months ago

          I see where you’re coming from, but in enterprise environments, you have admin accounts and root login is disabled for security purposes.