"sudo screen" vs. "screen -> sudo"
When I want to drop a root shell into screen, I usually do sudo screen
. A friend of mine first launches screen
, then drops a root shell in the screen session.
What is the better way of both from a security standpoint? Does it even matter?
Generally, processes should run as root only when it's really necessary. sudo screen
means that screen
itself and all shells under it are running as root, while screen
followed by sudo
means that only that shell runs as root.
So just looking at security, the latter is preferable, but if you really need to open a lot of root shells, you might decide to take the former approach for convenience.
An old post, but one I found myself googling the same question recently. I thought I could share my own feedback. I agree that 'screen sudo' should be the way to run it most times for two reasons
Security - Every piece of code that runs with higher privileges is a risk to services and data, and there is no benefit to screen to having those privileges. jjlin covered this pretty well already, but screen sudo means that there is less code running in an escalated privilege state.
Recovery - If you are using sudo to get a shell with higher privileges (e.g. screen sudo -s), then screen sudo means that the entire shell is running within a screen. Making it easier to ensure you recover all the state when you resume that screen.
I think the first (Security) is the strongest reason but they both have benefits.