16 Jun

Tired of hearing people argue about sudo? Me too. Sudo isn't magic. It's not a command that checks everything you type, and it certainly can't make sure you don't implement production-destroying changes (use a test environment first, seriously).

I learned computing and basic programming skills in the 1980s, booting the IBM Personal PC with a 5.25" disk. The PC setup, with dot matrix printer and manuals, cost more than cars at the time. We booted into DOS and from there loaded whatever was on our other 5.25" disk. A few years later came a graphics card and monitor, and that massive 20MB hard drive. Again later came Windows, where you could open a command prompt and get the warm fuzzy feeling of the power of DOS all over again.

In later years, while I was learning Linux systems, the use of sudo was puzzling. As a Windows/DOS user, I didn't need special permission to do anything on the system. I could type delete *.* and it would obey, much to my detriment. I could type format d: and it would clear my 20MB hard drive. Why does Linux think I need to ask for permission to do administrative duties, even if I am an administrator?

I see this gripe on Linux forums often. A user versed in Windows comes to Linux and wonders at the use of sudo. Invariably, there's a Linux user somewhere who responds and dies on the hill that, "Sudo keeps you from making mistakes." Seriously? That person can't really be a server administrator. He can't even really be familiar with Linux, can he? Why is it that at least one person always says this when the sudo question comes up?

Sudo does two things: it verifies that the user is allowed to have root privileges (the sudoers file), and it asks for a password to verify that the approved user is actually the person typing sudo. Once we Windows users have had time managing the Linux privileges system, we learn that it is the foundation for security on Linux. Finely grained permissions are a pain, but they provide powerful control over who can access, read, write, or run data on a system. Windows is moving this way also, but it is a user-oriented system, not a systems-oriented system.
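The first of those two checks, as an added example that is not part of the original post: a simplified Python model of how a sudoers rule is matched against the user and the command. The users, paths and policy below are constructed; host matching, aliases and negation are left out, and the password prompt is not modelled.

```python
import shlex

# Constructed sample policy in sudoers syntax (hypothetical users and paths).
SAMPLE_SUDOERS = """\
# full administrator
alice  ALL=(ALL) ALL
# operator: one service restart, plus journal access with any arguments
bob    ALL=(root) /usr/bin/systemctl restart nginx, /usr/bin/journalctl
"""

def parse_sudoers(text):
    """Parse 'user host=(runas) cmd, cmd' lines into (user, runas, [commands])."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        who, spec = line.split("=", 1)
        user = who.split()[0]                 # host field is ignored in this model
        runas, _, cmds = spec.strip().partition(")")
        runas = runas.lstrip("(").strip()
        rules.append((user, runas, [c.strip() for c in cmds.split(",")]))
    return rules

def command_matches(pattern, argv):
    """A bare path allows any arguments; a path with arguments must match exactly."""
    if pattern == "ALL":
        return True
    want = shlex.split(pattern)
    if argv[0] != want[0]:
        return False
    return len(want) == 1 or argv[1:] == want[1:]

def is_authorized(rules, user, argv, runas="root"):
    """Decide from identity and command text only. Nothing here looks at what
    the command will do to the system once it runs."""
    for rule_user, rule_runas, cmds in rules:
        if rule_user != user or rule_runas not in ("ALL", runas):
            continue
        if any(command_matches(pattern, argv) for pattern in cmds):
            return True
    return False

RULES = parse_sudoers(SAMPLE_SUDOERS)
```

For alice, a recursive delete of a data directory is authorized exactly like any other command, while bob is limited to the listed commands; in neither case is the effect of the command part of the decision.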

So why do so many Linux users say that sudo protects them from making mistakes? Sure, it can remind you that you're about to issue a command that has system-level implications, but it certainly doesn't check that command to see if it is going to do any damage. Sometimes you need to make system-level changes, and that's what the user permissions verification is for. It really is scary that Linux users say 'it protects from mistakes' when it can do nothing even close to that. I know the times I've made my biggest mistakes were when I was frustrated with an issue and didn't think through the domino effect a command would have. Sudo didn't make me stop and think, "Oh, at the end of this chain I'm about to delete is the access file to the systems in that subnet." More than likely, I would just be annoyed I had to type sudo and repeat the command quicker the second time with sudo leading the way.

Sudo is not magic. It can't prevent mistakes and anyone who says so can't really be a server administrator, since we all make mistakes preceded by sudo. Sudo can't differentiate between what you want to do and what the command will do. Yet that's what we hear every time a new Linux user asks about sudo... and people need to stop saying it and study Linux a little (a lot) more.

I don't "play" on my Linux servers, so all my activities on Linux are done as root on my systems. There's very little I'll do that won't need sudo, so my first command after opening a terminal emulator is sudo su. It would be nice if sudo would test my intentions versus the actuality of the command, walk me through each step and verify it (keep me from making a mistake), but that's a long way off in machine learning world somewhere. For now, all we have is the security of Linux permissions... and the people who mistakenly think sudo prevents mistakes. Ugh.
