Things I have learned - Part 3

Quick entry today:

You can still use sudo when already root, so if for example you have to be root to trawl around in restricted directories in ways you can't with efficiently do with "sudo ls", you can and should still use "sudo " for actual operations, as it leaves a log trail for later (and can be traced to you by the original sudo on that terminal).

On the other side of the coin, if you typically just "sudo -s" or "sudo su - " or "sudo bash" (or any similar command) as your preferred use of sudo, then you need to carefully rethink. You've missed the point of sudo somewhat. I suppose "sudo -s" is the lesser of those evils, in that it leaves the commands in your own .bash_history (assuming bash of course) but they're not clearly marked as having been run as root, have no timestamps, and aren't in the normal logs. The only thing they can do is trace the action to you. (Yes, sometimes it's the only way, as in my first example, where you need to be looking around inside some deep directory structure and you need root level privileges from somewhere near the top of the tree, but it should be under very particular circumstances, not as your first command on logging into a server).

Sudo: It's not just a good idea, it's the law.