ProgrammerHumor
whoIsControllingMe
Discussion
This incident will be reported.
BZZZT
he was asking too many questions.
This question will be reported as well.
The machine doesn't know it's yours.
The machine doesn't recognize your ownership as anything other than a temporary inconvenience to be rectified.
Why did i read that with the Terminator theme in my head
Even better - try reading it in Schwarzenegger's voice
If i do that then i would be completly lost, i already love housekeepers
Is it stupid?
Oh my yes.
Good news everyone!
Most bugs are caused by the software doing exactly what you told it to, so I suspect that my computer thinks I’m stupid too.
Yes, but so am I, so it's the blind leading the blind...
Yes. That why you need to add AI
Exactly. AI is advanced stupid.
The Machine™ is owner-agnostic.
The Machine™ will recognise the chosen one by his name. root.
The Machine™ will answer "Access denied", since root login is not permitted.
The Machine™ is well. Configured.
Reboot.
Let’s lift the veil: I am root.
I am the first user on any of your computers.
When you use sudo from anywhere, I get an email and click „approve“.
That’s the whole secret.
Sorry guys
Why did you approve me accidentally deleting my whole filesystem :(
"Limiting stupidity limits creativity"
- someone smart, probably
- TitanSub CEO
I’m a simple man. I see an email requesting “rm -rf /*”, I click approve
Are you the guy that all of those failed login attempts for non-sudo users get reported to?
So when the incident gets recorded...I must know!
Do you get my doas requests from OpenBSD? Because I can explain last Thursday, I swear
Explain it to the FBI, it’s already submitted
Oh so thats where the incidents are being reported to, your inbox. Makes sense now!
And I am Grook.
mechahitler?
Because you are just renting this machine. It’s obviously belongs to the root user who gives you mercy to use this machine
I am suspecting someone call “su”. Since when I typed it in terminal, then I don’t need to type sudo.
ya and when this su character is told to do a single thing maybe we can create a seperate syscall for it... i wonder what we should name it something like su... do?
That's ... It's soodoo? Not soodough?
i go hide now unless you're making a GIFjif joke
Dang. I used the mnemonic "superuser do" to remember the command back in the day when I was first learning but I still pronounce it su-dough which seems wrong when you put it like that.
Maybe you already know this, but su is "substitute user", not "superuser". Though it defaults to root if you don't specify a user.
sudo -s has entered the chat.
so you want every program that opens with your user to have root priviledge?
yes
...for obvious security reasons?
Someone out there has the sudo permissions on my machine without writing sudo
That's what THEY want you to think
Often the main reason is to guard against mistakes. Not security in the classical definition, as such.
"You are doing something really dangerous. Write sudo if you really mean it." - something that can be trivially bypassed at will is not "security".
That but more importantly stopping an illegitimate person or program that somehow got control of your account but doesn't know your password from doing too much damage.
What do you mean by "too much damage"? Everyone stores their personal files under their personal account, which are generally the thing you care for and they will be accessible to malware. Only system files will be safe, which doesn’t matter much because the system can be just reinstalled.
It makes much more sense on the server, since servers are generally used by a lot of people and it’s important to keep others safe from one being hacked, that’s where this rule came from. But on a personal computer it’s pretty much irrelevant.
Well, you answered it by yourself. Linux is used mainly on servers and the extra protection is a base requirement. But even if your machine is not a server, it can easily be used by hackers as a server to do tons of illegal things, for which you will probably be held responsible by the way (good luck have fun if it was been used to exchange child porn).
Not me trying to downgrade a laptop BIOS because HP disabled clock/throttle/fan control, only to find out they also disabled downgrading : [ I get it, but also i paid for the thing & am not used to being told No and they really mean it, there's not some service code to type in or key combo to press. Can't jailbreak an enterprise machine ig
It's not for you, it's for programs you want to run. And you grant them privileges, and obviously you don't want all of them to have super user capabilities.
Is there actually a time when a program legitimately performs under non-root conditions but would be bad under root conditions? The only concerns I've ever read is malware doing bad stuff without root, and terrible stuff with root, but I don't see why you'd ever intentionally keep malware around, and the logical approach to a malware author would be to convince you root is necessary and that seems pretty easy to achieve with copy paste being the SOP of linux and developers. A lot of blind trust.
Some programs might unintentionally have bugs, granting remote code execution for example, and damage would be far worse when the program is run as root.
Almost nobody is checking every program they run, top to bottom, and the nature of bugs is that they aren't easy to spot.
It's just safer to run them as a normal user, and only escalate privileges when needed
Exactly.
The number of people in this thread who don't seem to understand how least privilege principle works is concerning me.
Simple example - it's not that uncommon (I mean it is really really uncommon, but it happens) for network connected applications to have exploits that allow for remote code execution. If the application doesn't have root permissions, neither does the bad actor utilizing the exploit.
Also, depending on how you do your versioning, a routine update to your stack can allow malware to sneak in. Once again, running the app without root privileges shields you from exposing root to the malware.
The real issue is that most apps that shouldn't need root access still use it so you have to use sudo for basically everything.
Single user mode is right there if you don't like authentication. Go ahead, see how far you get.
I built a new staircase in my house and the builder insisted on putting a handrail in. Pointless, I exclaimed, for I had previously climbed stairs without needing the handrail, and presumably would be able to do so again. Besides, these stairs don't even lead anywhere important at the moment.
So you don't break everything.
Except when you have to use sudo for installing literally anything.
So you don't do accidentally some stupid shit?
can't you just run disk encryption, then they have to steal your laptop while you are active on it.
That's why you have a hammer
Yes, but to what end? The disk has to be decrypted before you can use it. Individual file encryption would probably be more useful here, though even that has its limits; most of the time, you're going to need access to those files, so they're already decrypted (or the key is already available).
Well, the data at rest can't be viewed. Which means they have to literally nab it off you when you sit down and power it on and enter the decrypt password. Then they would have to keep it live to view to start accessing files.
Sure, if that's the actual threat vector you're worried about. But tell me, have you ever installed software without checking exactly what it does, or running it in some sort of sandbox? That's a much bigger threat, and it's one that a lot of people are weak to.
Always. A. Relevant. xkcd.
Precisely why my security model does not account for physical access. An assailant with that level of access has already compromised me significantly to the point where them installing things on my machine is the least of my concerns.
For example they could steal my property, install a hardware keylogger, poison my food, or just wait around a corner and whack me over the back of the head with a wrench (this is admittedly a workstation machine, not a laptop... though a modified scenario works for my mobile workstation too).
No. The password isn't to stop someone like that, they've already defeated the physical security measures and at that point nothing I do will actually stop them in any way that matters (even full disk encryption won't stop a hardware based keylogger or a covert camera since I'm not going to carefully inspect my home office and disassemble my peripherals and computer every time just to be paranoid).
No, the password exists in the security model to stop me. It's there to prevent careless mistakes and for the mindfulness it brings. Secondarily it's there to reduce the attack vectors a remote attack might bring, though ideally such attacks never make it past the firewall and are rendered impotent. The amount of times I've ^C'd a command because I spotted an error last minute (about the same time I hit 'return') is uncountable, and one could argue I should be more diligent. One would be right to argue that, but this is also the real world. I'm not always going to be at my sharpest.
I am an attack vector in my own security model, I have been accounted for and countered effectively.
Exactly! That $5 wrench is an effective way to get into your encryption.
Sudo without password is still of immense value, protecting us from ourselves, which is by far the biggest threat surface.
TIP: Git-manage vital directories. I have my /etc tracked in git, and that's saved me countless hours of hassles.
You still will. Let's be real here.
Jokes on them, I know people who instinctively do sudo before every statement. So the fail safe is you not writing sudo lol
Which is why the security model is flawed. If you can get elevated privileges by adding an extra word to your command and with no additional authentication there is literally no reason not to do that.
sudo requires a password from an authorized user by default
"Limiting stupidity limits creativity"
- someone smart, probably
LMAO
Ah yes, sudo has prevented me from doing stupid shit and breaking my OS. I have definitely never done that
You don't have to you can simply login as root if you dare
they dont want you to know this but you dont have to if you just use root as your main account
This, it is dangerous, ill advised and several applications are going to yell at you but it is absolutely doable
guess it would have been funny if I started learning about cs yesterday and didn't understood why there's a sudo mechanic.
Recently I got a YubiKey and configured sudo to use it, so now I just tap it instead of typing a password.
Why do I need a key to get into my house?! It's my own house
This incident will be reported
This incident have been reported
because your own machine doesnt know who is using it
Because the user is stupid.
Yes, you, and me, are both very stupid.
And if everyone had root access all the time there would be many more bricked computers
Sudo random script i found online go go go
yeah, because the computer knows whose machine it. related question: why does Gmail ask for my password when it's my email account?
No one is controlling you. But it's the same reason as folding your pocket knife when not using it, an exposed blade can hurt you. So can careless use of the root account, sudo acts as a barrier so you don't execute things as root that don't need it AND ideally as a point of impact where you think critically about what you're doing and why, an extra second to realize you've made an error if you will.
Imagine the scenario, you type a sudo rm -rf command... but you realize as you press return that the path is wrong. In this case sudo protects you since you can just ^C out of it.
There are many reasons for sudo, but it's largely just to protect you from carelessness. A very careful and diligent operator can probably use sudo reasonably safely, but are you always careful and diligent? Are you always operating at your very best, fully rested and free from distractions? I think not, the real world is full of variables and factors that can alter your state at whim.
Sudo is damage control on a single user system. There's an additional added benefit that a rogue software will have a more limited scope in regards to damage, though arguably on a single user system the files you actually care about are in your home directory so the damage is functionally catastrophic either way.
sudo is just a cheap ripoff of Windows Vista’s UAC… \s
Docker: "Here's a deal."
because we are dumb and mistakes come naturally.
sudo bash
You don't have to sudo if you're running under root.
Don't forget to use --i-am-very-stupid flag if you want to launch Hyprland though.
Personally I am surprised a post that is this ignorant of computing and security basics has already got the amount of traction it has already achieved in a sub aimed at programmers.
The only people who might think its funny are non-technical users coming from Windows during their first day of using macOS or Linux.
"you are not in the sudoers file. this incident will be reported."
...to who, its my own machine?
KZZZRRRRRTT
This explains why my cat suddenly got root access and started scheduling treats at 3 AM. Jokes aside, it’s wild how much we take for granted when we assume our machines are truly "ours." Maybe the real root was the friends we made along the way, or just some sysadmin laughing at our sudo requests. Either way, I’m keeping an eye on my cat’s command history now.
sudo why do I have to sudo if it's my own local machine
just install the linux on the bare metal
get into root by su
travel back with me to the beginnings
Why do I have to root if I own my phon
Or you edit the sudoers file. It’s your local machine, make it as unsafe as you want
In case someone else have yo use your machine
I'm convinced no one in this sub has programming experience.
find . -type f -executable -user 0 -exec chmod u+s {} \;
(Don’t do that.)
What does this have to do with cs, though?
My CS classes were taught entirely on Linux machines
It's like that so you can do rm -rf $EMPTY_VAR/ without nuking your entire install, and nuke only your home dir. Try that as the root user, I'm sure that will go well for you.
Why do I need keys to enter my own house? This is stupid
Where's my sandwich?
kid named separation of concerns
It’s to prevent people from doing stupid stuff accidentally
If it's your local machine, just log in as root.
or if you want to sudo... `sudo bash`
Bout to find out how to get rid of user perms and make everyone root. What's the worst thing that could happen???
Slack Aman to fix
“Super User Do”
It would be nice if Gnome implemented a Windows style pop-up "Yes/No" box for the stuff they ask for passwords for. Make it a tick box on the login screen to "remember password for sudo actions".
It's not going to happen because the way to implement that seems scary. An always engaged password file.
Submit a patch and see what they say :)
Edit: call it "psudo" for when used from the command line, so that it can pop-up a dialogue.
You are probably the type of person that solves permission issue by running sudo chmod -R 777 /
I misread this shit and thought this was a joke about Pseudoephedrine (Pseudo).., and was really confused for a second..
The hdd of my old dead linux system must be rotating in it's grave
Nah fr
there's a platypus controlling me.
Because a machine can have multiple users? Dumb meme is dumb
But WHAT do the government have?!
Okay, but hear me out.
What if it becomes not your machine?
:3
As my senior once said: "I'm giving you root access. You need to be very careful with this. It's like running around with a chainsaw."
Why bring that nonsense to your daily driver?
not a single mention of the wheel group. fucking newbs.
Can't believe ir's 2025 and people still want to go back to EVERYTHING IS ROOT insecure as fuck Windows 98 bullshit.
Yes, it's your computer. That's why you have rhe root password/sudo access. If it wasn't your computer, you wouldn't. Maybe you shouldn't if you think you should run as root all the time.
You don't have to, it depends on your configuration
People like you are why IT doesn’t wanna give the rest of us sudo on our workstations.
If your system is compromised, say, for example, a remote code execution vulnerability in your browser that is used to get a foothold, the running process started by the attacker is running under your user account. It’s convenient that they cannot escalate their privileges without knowing a credential. Also, it protects you from yourself as to taking deliberate actions that might change the system.
If you login as root, you don't have to sudo.
Woooooonderssss!!!
You can set various commands to automatically run as a given user in your sudoers file. Or (better choice) to do that only when run by your login user, so random services running as other users won't be able to run them.
Why does my bank app ask for a password when I'm the one logging in?
go ahead delete your personal account and only use root. I'm sure everything will be okay
Exactly. If you really want, its totally possible. Is it a good idea? No, no, it really isn't.
Eeeeh I’ve been pretty liberal with root usage for the majority of a decade now running an infra of ~250 servers, this advice makes sense on paper but it’s like telling chefs not to use sharp knives imo. Just like.. know what the commands you type in do? And chmod and chown the files you touch.
Ouch, easy way to say your incompetent imo. I'm a basic system admin and the amount of software I've installed that directly tells you not to install to root due to security vulnerabilities has me cringing. Maybe I'm being too safe, but when I ran 20 dedicated servers for my 500 clients we had security as our number 1 priority. It's not hard to disable root login, and stick to your own account with sudo when needed.
Yeah, I'm not sure if it's so much, "I can run everything as root and as long as I'm careful and nothing goes wrong it will be fine", it's more like "It has way more access than it should for little reason (minorly inconvenient), and if and when anything goes wrong it could be catastrophic by comparison". And if you're expecting nothing to ever go wrong, well that's just... not gonna happen lol. I can understand running certain things as root under certain circumstances, but just always running everything as root for "no reason" seems completely insane to me. There's a reason that the concept of compartmentalization exists, and in my opinion it's very important to understand and respect that.
Yeah agreed. And if you're working with "250 servers" you should be basically an industry professional. Which means following simple safety protocols. If they're skimping on this, what else are they considering "not important"?
We layered our security heavily. root login disabled, SSH keys enforced, changing the port and hiding it behind a VPN, as well as standard 2FA for all staff accounts, but also Microsoft 2FA to even access any of our staff panels. We did a LOT more as well, but security should be number one as a system admin, or you're clearly slacking.
And I'm not a professional, I pay others to do the professional work for me. I'm a hobbyist, so I know the general practices to be safe, and why they matter. But I trust others to do it properly, and I verify that it's done in a smart manner.
We have all that + SELinux + individualized firewalld rules per server role and network segment. Root login is disabled im not sure why yall are assuming otherwise? You can log in and then assume su. Pain in the ass for ansible but we make the sacrifice for that good practice and many others. Not sure why so many people are assuming that I’m just leaving the doors wide open just because I said know what your commands do
The way you worded it, sounded like you do everything as root. You can't just tell the Internet you know what you're doing and expect us to believe you 😂
That said, fair point. The software I work with isn't safe to even do that with, but if you DO know what you're doing, and use it that way then of course. You're all good
Yeah, as I lay dying on this hill I’m starting to realize my statement is very workflow and job dependent and I’ve stepped on peoples sacred principle
If I had to guess the contention is you saying that you "use root pretty liberally". I think most people agree, you should use root extremely sparingly.
People love to go off on the silliest (perceived) indiscretion.
The whole argument around security with root/sudo is often silly to me anyways - like internal dev or testing machines needing security like fort knox. If an intruder has gotten into our network far enough that root access on those systems were even a possibility, then so many other safeguards would have failed and we would already be burning the whole thing down and standing up offsite backups. Permissions aren't squeaky clean on a random, internal, non-critical VM? Meaningless if a bad actor got in and the the whole environment is scorched earth. Obviously a very different discussion if we're talking external facing or a web server, I digress...
Because the people replying don't understand Linux at all and have just copy pasted instructions from the internet. They literally have no clue that there are other ways and that those other ways are ok too.
Copy pasting stuff = master of stuff to some people.
For me, the previous message did sound as they talked about using root terminals. Your are taking about running services as root, which is a very different topic. Anyway, I might be wrong. They also didn't say that they are only using root terminals. I think calling them incompetent is to early only based on the message.
Yeah I was literally just talking about using su in terminal workflows that require frequent escalation (checking services, docker, cron, non-user directories etc) , I’m not forcing services into using root privs when they don’t require it
That is fair. I won't argue with any of that :p
Root login is disabled, you can still escalate to su, and if once in a blue moon I need to install some unknown software that shouldn’t be root, it’s easy enough to run it while su but using a user account. Such software should likely have its own user and group too.
As part of my work I verify reports from companies who've had to disclose a data breach. I'm not at all surprised at that statement. The amount of "we've always done it like this and there's never been a problem" at small to medium size companies is just staggering, even after a major security breach.
"every time we haven't had a breach we haven't had a single breach"
I will have to make sure to add some questions about the UNIX permission model to my interview battery. You my friend are sitting on a time bomb waiting to take down your organization.
Hey who do ya work for? I’m looking for new clients to ransom.
LOL good luck dawg
I be chowning all kinds of shit
A la good ol'Wndows
Not even windows does that anymore, there is ""sudo"" (the UAC prompt) since win7 for riskier stuff.
And there even is an actual official attempt at a sudo equivalent in the windows CLI
It does work, but it is still just a UAC prompt, and doesn't even have a timout , it just keeps asking
Hey now don't be too harsh on Microsoft, they're a small indie company just trying their best.
Sudo was initially made in 1980: 45 years ago and Microsoft still managed to make it worse than it was then
They also apparently tried to patent it in 2009 claiming it was the same as UAC link from wikipedia
Apparently this is not true. The patent request was limited to a GUI with a list of approved user accounts, neither of which sudo has.
Color me surprised, hating on MS with fake news.
yeah big corpos gotta patent... gotta pile up the patent arsenal.
fuck Microsoft
It's what made Windows Vista a tough nut to crack. That was the point where they enforced privileges in a more sane manner, which led to the memes about "are you sure you want to move your mouse" and stuff.
That was the period where vendors and everyone had to update their stuff, since they couldn't assume they had unlimited write access everywhere anymore. (Even in the case of benign software.)
I worked on a huge legacy window app for years. It had to be run as administrator because it accessed the registry, wrote files to its local installed directory, and more. I dont think it was ever adapted and probably still does to this day.
It took 2 minutes to start up and ate over 1GB of ram. It's crazy how much you can keep adding to something and people still use it.
I’m running a program that has a “2026” version name and it’s by one of the largest software companies and it still doesn’t use user folders correctly. But it also fails when run as admin. It’s a really fun combination of half the configs breaking in user mode and half in admin mode.
Want network shares for your config file? Only guest. Want to save those config file changes? Only admin.
Since Vista even, UAC in its current form and tightened default permissions (Program Files not being user writeable by default) were arguably biggest compatibility break it had.
Linux just did it right from the start and went with keeping root permissions as on-demand rather than by default.
I think Program Files was only writable by administrators since before Vista, but you'd never notice since everyone ran Windows as administrator.
Windows has had admin since Windows 95. You would right click and “Run As” I believe in Windows 95 at launch. But nobody limited themselves because “security was overrated.” Until the internet became common
Wasn’t the UAC prompt introduced with Vista? And it was one of the highlights of windows 7 that it was tweaked to bother you less
There was no OS between XP and 7. Ballmer has invited you to Lake
LaogaiDEVELOPERS.Can't even connect/disconnect Bluetooth headphones via the command line without UAC swooping in. And there's no
sudoers.The broken windows permissions System is (by default) still better then having your user account be root. At least UAC is doing a yes/no question, although that never stops anyone lmao
On the PCs I setup for my family, I made a separate user account for them. They still know the password for the admin so they can install stuff, but just having to enter that password in the UAC dialogue has lowered the amount of times I have to be called because they fucked up the PC significantly. Suddenly the dialogue is not just a thing to dismiss, but actually something they think about.
And that is the root of the problem, the extra mindfulness of having to authenticate is a major contributor even if it's mostly invisible.
How is the Windows permissions system broken?
Mainly because every default user is admin and UAC is just a yes/no. It should at least require your password (like when you are not admin) even if you are an admin.
I also think it should not be as easy to disable UAC and give every app admin by default if it wants to. Could be a policy deeply burried somewhere or just completley removed imo as its a security nightmare
That's like saying Debian is broken because it makes you root if you set a password during installation. You can both run Windows as a standard user and you can require password for UAC, it's just not the default for a workgroup computer.
It not beeing the default is the problem here. No home user would willingly enable an extra step but I'd say 90% of windows users should definetly have that enabled.
Almost all desktop(!!) linux distributions definetly dont want you to log in as root as your primary session or they disable root completly by default. Effectively forcing you to enter your password to do system changes. Windows, the OS mostly used by people who dont undestand computers, does not do this. And thats why I think its broken
Funnily, I think Apple is/has inherited that crown now.
I say that as someone who uses Mac (and Linux) for work and windows in my spare time. Mostly for gaming.
iOS is arguably so much more user friendly than windows these days, and the iPhone/iPad has lured in a whole generation of computer illiterate people that are simultaneously "internet savvy" and tech illiterate.
Home install (non-AD) permission system is not for authentication, it’s just permission management. That’s why PC owner is by default admin and they just have to click Yes/No to confirmed elevated privileges.
Whole point of UAC is principle of least privilege - regularly running programs should have only basic privileges available and get elevated to admin/installer only when needed with user knowledge. UAC dialog is part of that - it doesn’t run in context of current user (if I’m not mistaken, it uses login screen “desktop session” or just separate session altogether) to prevent programs from just sending “Click yes” message to it directly, bypassing user action.
Whole point of UAC is to protect system from software doing bad things to it, not from users doing bad things.
If you are a limited user, UAC will require username and password of an admin account.
If you are an admin, UAC won't because you already provided the password when you logged in/unlocked.
On Windows that's the equivalent of trying to log in as SYSTEM. Most people don't realize there exists a level above Administrator.
Real OGs log in as Network
sudo chmod -R 777 /
Every account is now my account
You mean our account?
That's fine and all. Except all I'm doing is running sudo anyway if it fails the first time. Until the system warns me on what the consequences are, it is just an annoyance and that script or program will get sudo.
Sudo encourages a short password too, for the convenience.
the system cannot know the consequences of running an arbitrary program as root, so it's up to you as the user to understand the purpose and potential effects of whatever command you try to run
some sudo policies also support limited-time credential caching, so you might have to enter your password only once every ten minutes or something
You know you can configure sudo to not need a password right?
Also, depending on what you're using sudo to do just make sure you're in the owner group and have appropriate permissions.
I don't get why people need to use sudo that often anymore. But I also set things up so I don't have to in the first place.
sudo can be invoked by scripts so you kind of need it to have a password otherwise it's useless since a malicious script can just run it to elevate itself. Unless I'm misunderstanding and there's some sort of protection against this like UAC has.
UAC has protections against being automated so the user has to interact with it to elevate a process.
Package installs, system processes, docker, non-user directories are some examples I can think of where is more practical to just hit it with sudo rather than hack it via groups perms. Funnily enough, docker’s official solution is to create a docker group.. and grant it root privs
from my personal experience this is how all the coders roll, hence why nothing works when you try the app on another device.
People still run non-containerized code?? 😛
"Run as administrator"
Wouldn’t even make it into the dumbest shit I have done today.
that's what we did in the 1990s and early 2000s. everything was fine....until it wasn't
Real men run root