Does that1 security no-no matter on a single-user system which (almost) never leaves the sight of said user? Or is that just a matter of ‘don’t do this on a server’?
It’s not a good habit to get into. Even if you don’t have anyone at homebto mess with your system, these kinds of habits tend to follow people around. You’ll get comfortable at work and run something as root, but forget to deescalate permissions.
Just using sudo as your user runs only that command or script as root, then drops back to your limited user account.
Say you got busy or distracted and walked away, anyone who was able to access your system between the end of the command and the time your system auto locked would only have the access level of your user.
It’s a really important switch for doing things like setting up wireguard, which has protected directories, you can’t actually enter the directory for wireguard setup without sudo -i
(I mean technically you probably can with sudo su, too, but this is more elegant and less redundant)
What’s the problem exactly? There are many ways to do it, and I think saying you run apt-getupdate is quite fine even if you’re not explicitly saying that you run it as root. And he may not have flatpaks.
Um… shouldn’t it be:
sudo su; apt-get update; flatpak update;Or am I missing something?
You should never use “sudo su”. That’s a big security no-no.
~$ sudo apt update
[sudo] password for {your user name}:
-command executes-
~$
Does that1 security no-no matter on a single-user system which (almost) never leaves the sight of said user? Or is that just a matter of ‘don’t do this on a server’?
It’s not a good habit to get into. Even if you don’t have anyone at homebto mess with your system, these kinds of habits tend to follow people around. You’ll get comfortable at work and run something as root, but forget to deescalate permissions.
Just using sudo as your user runs only that command or script as root, then drops back to your limited user account.
Say you got busy or distracted and walked away, anyone who was able to access your system between the end of the command and the time your system auto locked would only have the access level of your user.
Use sudo -i instead, gives you an interactive shell without running the su binary with sudo, which is unnecessary
Edit: it’s i not I
Thank you, that’s a switch I hadn’t looked at. I’ll admit though, I’m on Mint, I have a nice built-in GUI that works nicely.
It’s a really important switch for doing things like setting up wireguard, which has protected directories, you can’t actually enter the directory for wireguard setup without
sudo -i(I mean technically you probably can with
sudo su, too, but this is more elegant and less redundant)My phones keyboard decided to capitalize, it’s -i
Thanks, we suffered the same fate.
Sudo apt-get update && sudo apt-get (-y if you want it to do it automatically) upgrade
What’s the problem exactly? There are many ways to do it, and I think saying you run
apt-get updateis quite fine even if you’re not explicitly saying that you run it as root. And he may not have flatpaks.There’s also
sudo apt updateif you only want to apply the superuser permission one specific command instead of a lot of commands