First off sudo stands for “super user do” i.e “do something as the super user”. The super user is root. sudo --shell starts a shell with super user / root privileges. sudo someCommand runs someCommand with super user privileges.

In windows, for a really long time, your user had admin rights. When windows Vista came along, Microsoft had finally understood that that was a pretty bad idea and copied linux (or unix? whatever). That popup you get when installing stuff asking you for admin access? That’s a form of sudo someCommand with an interface built on top. You’ll get to see that in linux desktop environments too for example when you want to install new packages or update your system.

The reason why it’s a bad idea to always have admin access without a password, is that if you are ever infected or you forget your computer unlock, somebody can’t just install something at system level. It’s a small hurdle, but every little bit counts. It also allows you to separate users between those that do have the right to login as the root user and those that don’t.

Users without super user access are quite common as an additional form of security because if they are infested or a process being run by them is, then it’s more difficult for them to infect other users. For example if you have a user called chatserver that runs the ircd (IRC daemon) process, if your daemon (aka service) is hacked, the most damage they should be able to do is extract the data the chatserver user has access to. They won’t be able to access your userdata as it’s stored in /home/yourusername, which can only be accessed by the yourusername user and the yourusername group (plus ofcourse root).

It’s not a 100% fault-proof system, but it’s better than stepping into your house and having access to the master bedroom and your safe without having the key to it.

Anti Commercial-AI license