Debian does not use sudo by default. I like sudo for admin tasks when being logged in as a regular user (mostly based on my experience with Ubuntu) for several reasons:
- No risk of an open root shell
- Logging of “who did it”
- Selective access can be configured flexibly
What I don’t like in Ubuntu is that the sudo password is the regular user’s password and that the root account is actually disabled:
- We lose one level of security (root password) and the regular user password is often not carefully chosen and maybe not kept secret enough (because maybe friends or family know it to do “regular user stuff” using your account.
- In a “one admin person” system like your typical laptop or desktop there is no concern that the root password would have to be shared among several admins.
So for these reasons I usually configure a “one admin person” Debian system like this (replace REGULAR_USERNAME with your regular username that will be the admin):
su - apt-get install sudo adduser REGULAR_USERNAME sudo visudo
In the visudo editor edit the “Defaults” line to use “targetpw”:
Defaults env_reset,targetpw
Then exit the root shell, log out as regular user and log in as regular user again (required to activate group membership).
Now your regular user should be able to do everything that root can do using sudo and the root password.
Oleander Donovan's IT blog 