Is it possible to get rid of ' sudo '?

it never makes sense to me on a single user system to use an additional app like sudo

checking dependencies…
:: downgrade optionally requires sudo: for installation via sudo
:: inxi optionally requires sudo: inxi -Dx hddtemp-user;-o file-user
:: pacman-contrib optionally requires sudo: privilege elevation for several scripts
:: yay optionally requires sudo

so, would it be possible to remove it, without breaking the system?

Not without replacing it or without removing those packages.

It would also introduce a bunch of security risk since you would have to run things as root that shouldn’t be run as root.

As an example, consider makepkg which shouldn’t be run as root but needs to escalate privileges to install the resultant package.

I suppose you could create a package that replaces sudo with some variant of su -c but I have no idea how that would make your system more(or less) secure.


You need a tool to temporarily grant admin rights to you. If it is not sudo you could try to use doas. But you need something.

1 Like

It makes sense to me. I don’t want to run everything as root. And I especially don’t want any program to have root access. Especially proprietary ones, but also free ones, because I don’t have the time nor the inclination to check every line of code.

If I’m not going to take advantage of POSIX user privileges, I may as well use windoze, and a filesystem like fat or ntfs.


AFAIK you need something LIKE it to function. That said, you can make it less work to use than it usually is. An alias that shortens it is feasible and easy - and an easy to type password can also be set if you are comfortable with the idea. Security is a state of mind anyway :grin:

However, too much can be be messed up in the system if the root user is the only user fulltime - it is not designed to handle it! (it is not Administrator mode on Windows!)

i don’t quite understand.

so, some apps are running with elevated privileges?

on a GenToo system or any other systems i used in the past (Debian Sid), it all worked without things like sudo.

makepkg - only using it as root makes sense, why as user with sudo, it is the same user anyway, because most systems are used by only one user.

so why sudo on single user system?

doas - another additional tool, no, but no thank you.

no offence :upside_down_face:

No it should never be run as root. It can be run as a normal user for 99% of the process. It only needs root for a small portion of it’s operation.

This is what happens if you try to run makepkg as root.

==> ERROR: Running makepkg as root is not allowed as it can cause permanent, catastrophic damage to your system.


I think you are misunderstanding the risk. Just because your user account can use sudo to run things as root, doesn’t mean you should. You should only run programs as root that absolutely require it. Whether the system is single-user or not is immaterial.

Consider another example, generating a new mirrorlist. You don’t want to generate the mirrorlist as root but you need to root to install it. This is where sudo or other tools have clear value. They allow you to perform actions partially as root.

Lastly, don’t forget that unless you remove polkit, you will also have pkexec which does the same thing.


Not really. I mean, if by “user” you mean a human being in front of the computer then yes, most computers are used by one person. However, you have multiple user accounts. Just look at your /etc/passwd file, it has maybe two dozen or so users. It’s not a single user computer in this sense (even though only one human being is using it). None of these users, except root, have root access, for security reasons. Tasks you can do without root access, you should do without root access, otherwise you’re just creating a vulnerability.

But when you, a human being using the computer, want to have root access, a program like sudo becomes very useful, because it allows a temporary privilege escalation, unlike switching to root to do these tasks.


The system will work without sudo, you just have to do without the programs that require it.

but my GenToo system works perfect without sudo - never used it before in my life!

From the omniscient ArchWiki:

Sudo is an alternative to su for running commands as root. Unlike su, which launches a root shell that allows all further commands root access, sudo instead grants temporary privilege elevation to a single command. By enabling root privileges only when needed, sudo usage reduces the likelihood that a typo or a bug in an invoked command will ruin the system.

1 Like

but even though it can mutate to a backdoor - a single command is what a bad boy needs!?

Just because you can do something doesn’t mean it is a good security practice.


So, do you always switch to root with su before you use emerge? Or are you just constantly logged in as root?

yes, portage has an extra FEATURES=buildpkg option - while emerging new packages, i can always go back to the older one with emerge -va =old-package-file-123 --usepkg=yes - except glibc !

even if my system get nuked - reinstalling the whole system with --usepkg=yes is fun :sunglasses: :laughing:

I see sudo also as a convenience helper, it makes system rights usage easier and safer.

And I would say simply try it … install system in a VM and go to uninstall sudo… if it works for you, do the same on your main system :wink:

1 Like

You haven’t answer my question. Are you always logged in as root?

You haven’t answer my question. Are you always logged in as root?

sorry, only for portage on a terminal - with su, so yes.

Here is a practical example why I like sudo. Suppose I want to run a program as my normal user (I don’t want it to have root access, because I don’t trust it), but I want the standard output of that program to be redirected to a file owned by the root. How am I to accomplish that?

I could redirect the output to a temporary file owned by my normal user, then start a new shell session with su and login as root and then move the file overwriting the one owned by root.

Or, I could just run this as my normal user:

problematic_program | sudo tee /file_owned_by_root

Here, the only process that has elevated privileges is tee, which is a perfectly trustworthy utility.

It does the exact same thing as the example above with the temporary file, but it’s so much more convenient.