 As a Linux user, have you ever wondered why we use Sudu? Why is Sudu installed on virtually every Linux distro out of the box these days? Because this wasn't actually the case when I first got into Linux, especially, you know, back in the late 90s when I was first introduced to Linux, you know, working on web servers and things like that. But even when I became a Linux desktop user around 2008, you know, back then in desktop Linux, most distributions did not ship Sudu installed out of the box. Most of them did it the traditional way, which was you had your normal user, right? And any time you actually needed super user privileges, you use the su command switch user and you su over to the root user and you did things as root. And when you were done with the things you needed to do as the root user, you would su back over to your normal user. And my very first Linux distribution as far as a desktop distribution was Ubuntu. I started using Ubuntu back in 2008 and Ubuntu did use Sudu out of the box, but Ubuntu was kind of rare in this record because I remember back then other distributions, I would check out other distributions and, you know, on live DVDs back then, especially, and sometimes I'd go to their web forums and there would be this debate about Ubuntu using Sudu and these other distributions, not using Sudu. And there was a debate about which one was better, which one was more secure. And of course, if you were on a distribution that was a non Ubuntu distribution, typically you reject everything that Ubuntu did. So back then I remember a lot of people really resisted Sudu, but it quickly though gained favor nowadays. Pretty much everybody accepts the fact that Sudu is kind of a standard utility on Linux. Now if you wanted to still do the old method of just using SU, you can do that. I mean, no one requires you to install Sudu and use Sudu on your Linux machines, but there are some advantages to using Sudu because the old method, you know, because I had used distributions back in the day that didn't install Sudu and I had to do this SU method of doing everything, there were some disadvantages. For one thing, when you're logged in as your normal user, well, if you needed super user privileges for something, then you really only had two options. You either logged out as your normal user and logged back in as root, that's very dangerous, right? Or the other method is, you know, as your normal user, you would switch user SU in a terminal to the root user and do things as root in a terminal. That's also dangerous and the reason these are dangerous is because if you're logged in as root, either permanently logged in as in you logged into the machine as the root user or you did an SU over to the root user in a terminal, then as long as you're logged in or as long as that terminal is open, you're logged in as root. Anybody that has physical access to that machine is also logged in as root, meaning I step away from my computer and I'm logged in as root or even I just SUed in a terminal over to root. I step away from my machine for a few minutes. Anybody can come to this computer and they would have read, write, and execute permissions for every single file on the system, meaning they could do anything they want. Any private data I had on the system, they have access to read it, to write to it, to override it, to destroy it, right? They could maliciously attack the machine in some way. They could destroy the entire system if they wanted to. Of course, more than just malicious attacks, what would really be scary on business computers or servers, right, is that you have sensitive information, you know, personal information or business information that is not for public consumption. And these people would then have access to that information, of course, being logged in as root. And it's not just people that have physical access to a machine where this is a security issue. It's also hackers, people that are trying to remotely get into a machine because these hackers, they knew, especially in the days before SUDA was common on Linux, they knew every Linux server had a root user and if they could gain access to that user named root, they would have read, write, execute permissions for everything on a system. They would have super user privileges to do anything they wanted to on that machine. So hackers, they always targeted the root user. So naturally, Linux users and especially Linux administrators, they started to understand that this was a problem, this having to constantly log in as root to do things. It was dangerous. And this is really why SUDA came to be so popular, is because SUDA kind of, it solved this problem for us. And SUDA is very easy to work with. All you need to do on a Linux system, if SUDA is not installed, is install SUDA and then whatever normal user you want to grant SUDA privileges to, just make that user a member of the wheel group on most Linux distributions. Now Ubuntu is a little different, Ubuntu uses a different admin group called the SUDA group. So on Ubuntu, you would add your normal user to the SUDA group. On most Linux distributions, though, you add that particular user to the wheel group. And now because any time you need to switch over to the root user, you no longer have to, you can just do SUDA and then execute whatever command. That really solved a lot of problems because now, for security reasons, SUDA is much safer than SUDA because SUDA is temporary. So when you execute a command, you open a terminal and run SUDA name of command. You have temporarily granted that user, super user privileges. And by temporary, I mean, typically it's about five minutes, I think is what SUDA typically defaults to. You can adjust the time period, but when you invoke a command with SUDA, you have a brief time period where you have those super user, those root privileges. But after that time period expires, you no longer have those privileges. So you would have to invoke SUDA and enter a password again to get those privileges. So it's much safer than SU because if you SU to the root user, there's no time period. You're logged in as root. As long as you are logged in as root, everybody that would have access to that account or to this machine would have root privileges. So it's really a security nightmare SU is. One of the really cool things you can do once SUDA is installed and you have at least one normal user that has SUDA privileges. You could actually just disable the root account. That's what a lot of server administrators do. They just disable root login altogether. That way you never have to worry about somebody compromising this machine by being able to log in as root somehow. And typically how you do this on Linux machines is there's a file on your system called slash etsy slash pass wd. And it lists every single user on your system. And at the very end of each line for each user, it lists that user's default login shell. And typically for root, it will be slash bin slash bash. You'll see that at the very end of the root line. That means for the root user, when you log in as root, he logs into a bash shell. Well, you can change that. Instead of slash bin slash bash, you can change it to slash S bin slash no login. And that means his default shell is the no login shell. It means he's not allowed to log in essentially. As a matter of fact, it's become very common on Linux servers to just disable root access to everything on my web servers. I often disable root access for SSH, meaning the root user. He's not allowed to SSH into a machine. I have to actually log in as a normal user to SSH into my machines. And then once I log in as a normal user, then with sudo, of course, then I can do things with super user privileges on that machine. Now, from a security standpoint, disabling the root user is actually a really good idea because without being able to leverage the root user, hackers have a much harder time getting into a machine because now they no longer have this one user on this system that they know is always there. Now they have to try to guess user names, right? And they have to hope that they can compromise this user on the system. And even if they compromise one of the users on this system, unless that user happens to be a member of the wheel group or the sudo group, depending on what distribution you're running, they still wouldn't have super user privileges on that machine. So why am I bothering making this video today about the little history lesson with sudo and how we arrived here? But part of the reason is I still see people that for whatever reason still don't install sudo or a sudo-like program, like do-as, do-as is essentially a sudo kind of program. But there are still people out there still doing the old method of just using su to switch user over to the root user anytime they need to do something on their Linux machine. And honestly, I think that's dangerous. Partly why it's dangerous is I think a lot of these people that are using the old school su method of doing things is they really don't know about sudo. They don't know the benefits of it. They've never been actually told this because a lot of them are probably using distributions, very minimal distributions. That's typically where I see this. You install this minimal distribution that installs this very small base set of packages. And sometimes sudo is not installed as part of that base set of packages. It's your job to actually install sudo and then add users to the wheel group or the sudo group. The security advantages of using something like sudo are worth it. And honestly, there's really no disadvantages to using sudo. Now before I go, I need to thank a few special people. I need to thank the producers of this episode. Justin Gabe, James Matt, Maxim, Mitchell, Michael, Paul, Wes, Wanyabold, homie, Alan, Armored, Dragon, Chuck, Commander, Rangry, Diokai, Dylan, Marstrom, Erion, Alexander, Peace, Archon, Fedor, Polytech, Realiteak, Titzware, Les Red Prophet, Steven and Willie and Tools Devler, too. I skipped his name. I hope I didn't skip anybody else. These guys, they're my highest tiered patrons over on Patreon. Without these guys, this episode would not have been possible. The show's also brought to you by each and every one of these fine ladies and gentlemen as well. All these names you're seeing on the screen right now. These are all my supporters over on Patreon because I don't have any corporate sponsors. I'm sponsored by you guys, the community. Let me get in frame here. Do you like my work? Wanna see more videos about Linux and free and open source software? Subscribe to DistroTube over on Patreon. All right, guys, peace.