103 Sudo vs Su and the Principle of Least Privilege

1. Difference Between su and sudo

Basic Definition

  • su (Substitute User or Switch User):
    Allows you to switch to another user account, typically the root user. You’ll be prompted to enter the target user’s password.

  • sudo (Superuser Do):
    Allows you to run a single command with elevated privileges, but you use your own password (not root's). Access is controlled through the /etc/sudoers file.


Key Differences

| Feature | su | sudo |
|---|---|---|
| Purpose | Switch to another user session | Run a command with elevated privileges |
| Password Needed | Target user's password (e.g. root) | Your own password |
| Security | Less secure (full shell access) | More secure (limited command access) |
| User Traceability | No command logs | Commands logged in /var/log/auth.log |
| Configuration | No configuration | Highly configurable via /etc/sudoers |
| Session Scope | Creates a new shell | Executes a single command |

Real-World Usage

  • Use su when:

    • You need to maintain a full root shell session.

    • You're working in an environment where sudo isn’t configured.

  • Use sudo when:

    • You want to minimize risk by limiting access to specific commands.

    • You're working in a multi-user environment and need an audit trail.

    • You want to adhere to best security practices.


Example

# Using su to become root
su -
# (enter root password)
apt update

# Using sudo to run a command as root
sudo apt update
# (enter your password)

2. Principle of Least Privilege (PoLP)

What It Means

The Principle of Least Privilege is a security best practice stating that users and processes should be granted only the minimum level of access needed to perform their tasks — no more, no less.


💡 Why It’s Important

  • Reduces attack surface: Limits what attackers can do if they gain access.

  • Minimizes human error: Prevents accidental deletion or system changes.

  • Improves auditability: Easier to track and understand permission usage.

  • Supports compliance: Many regulations (e.g., HIPAA, GDPR) require it.


How It's Applied in Linux

  1. User Permissions
    Users are placed into groups and given access to only necessary files or directories.

  2. Sudo Configuration
    The /etc/sudoers file is used to allow users to run specific commands as root, without giving full root access.

    Example:

    john ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart apache2
    

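    This means john can restart Apache with sudo, without being prompted for a password (NOPASSWD), but nothing else. Edit the file with visudo, which checks the syntax before saving, so a typo cannot break sudo access.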

  3. File Ownership and Permissions
    The chmod, chown, and chgrp commands are used to tightly control file access.

  4. Service Accounts
    Processes like web servers or databases run under dedicated users (e.g., www-data) that only have access to their specific directories.
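
The periodic sudoers review described above can be partly automated. The script below is an added example, not code from the original post: it flags rules that grant the unrestricted ALL command set, use wildcards, or skip the password prompt. The parser is deliberately simplified (one rule per line, no aliases or line continuations), and the users dev1, dev2 and ops in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag sudoers rules broader than least privilege needs.
# Simplified on purpose: one rule per line, no aliases or continuations.

audit_sudoers() {
    # Reads sudoers text on stdin; prints one "who: finding" line per issue.
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments and blank lines
    $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }    # not user specifications
    {
        who = $1
        eq = index($0, "=")
        if (eq == 0) next
        spec = substr($0, eq + 1)
        sub(/^[ \t]*(\([^)]*\))?[ \t]*/, "", spec) # drop optional (runas)
        sub(/[ \t]+$/, "", spec)
        nopasswd = (spec ~ /NOPASSWD:/)
        gsub(/[A-Z_]+:[ \t]*/, "", spec)           # drop tags such as NOPASSWD:
        n = split(spec, cmds, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            if (cmds[i] == "ALL")
                print who ": HIGH unrestricted command set (ALL)"
            else if (cmds[i] ~ /[*?]/)
                print who ": REVIEW wildcard in " cmds[i]
        }
        if (nopasswd) print who ": REVIEW NOPASSWD"
    }'
}

sample_sudoers() {   # constructed sample, not taken from a real host
    cat <<'EOF'
# /etc/sudoers.d/example (constructed)
Defaults env_reset
john ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart apache2
dev1 ALL=(ALL:ALL) ALL
dev2 ALL=(ALL) NOPASSWD: ALL
ops  ALL=(root) /usr/bin/systemctl * nginx, /usr/bin/journalctl -u nginx
EOF
}

sample_sudoers | audit_sudoers
```

On a real host, run it as root with `cat /etc/sudoers /etc/sudoers.d/* | audit_sudoers`. Syntax validation is a separate step: `visudo -c`.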


Interview-Worthy Talking Points

  • “Using sudo instead of su enforces least privilege by giving users temporary access to specific tasks.”

  • “We implement PoLP by reviewing user permissions regularly and removing unnecessary sudo privileges.”

  • “I once audited a system where developers had full root access — we moved them to role-based sudo rules, which enhanced security significantly.”

