Ask HN: Do you have sudo on your company-issued machine?

by benburtonon 3/18/2022, 11:17:25 PM with 11 comments
  • by shooon 3/19/2022, 3:02:33 AM

    megacorp; laptops have much enterprise security & surveillance bloatware installed. whirrr, such cpu fan, very compliance. by default no one has local admin rights for their work laptop. developers are approved local admin rights upon request.

    once blessed with local admin rights, developers manually invoke a utility to grant themselves temporary admin permission for a limited time period each time they wish to sudo. this sounds worse than it is in practice, provided one doesn't need to sudo continually.

  • by Isammocon 3/19/2022, 10:46:30 AM

    I won't work anymore for a company than ask me to work without being able to install the tools I need to work.

    Current work sent tech employees a blank computer and any licenses we ask. So basically, you'll have sudo if you install it.

    On the other hand, we are often reminded to upgrade our stack / to check if we have been compromised, etc.

  • by icedchaion 3/19/2022, 12:11:04 AM

    At my current employer they have mobile device management and corporate "security" software installed. It appears to do full network monitoring / event capture. Performance on the machine is terrible due to all the resulting overhead. Recently several devs have complained and had it disabled. We all do have sudo.

  • by jkaon 3/18/2022, 11:24:43 PM

    Regardless: as a software employer, I'd currently treat any contributor device as loaded with malware, under surveillance, potentially hostile, and with the possibility that it will reside on competitor networks in future.

    Ultimately most of the contributions I'm looking for are plaintext and reviewable -- none of the above properties should be blockers, so the way to maximize contributions is to allow for all of them.

  • by PaulHouleon 3/18/2022, 11:43:34 PM

    I have a managed Windows machine I used at work that I wouldn't normally have Administrator access to but I do because I am a software dev.

  • by LinuxBenderon 3/19/2022, 4:05:58 PM

    I would add to that, if yes does the company allow and test for passwordless sudo? Reason being that passwordless sudo + ssh multiplexing makes bypassing 2FA/MFA via phishing a breeze.

    One can test this in scripts with

      sudo -n

  • by kevincoxon 3/19/2022, 11:52:07 PM

    My current work laptop is self managed, so yes. My previous was a locked down Mac and I don't think I had full admin. Before that I did have root on both my desktop and laptop.

  • by ubermanon 3/18/2022, 11:20:31 PM

    I do yes, and I can't really imagine being able to do my job without it.

  • by nikonyrhon 3/23/2022, 8:01:58 PM

    We are encouraged to install Spotify and Steam during the first week :)

  • by jghnon 3/19/2022, 2:19:54 AM

    Yes. My last few jobs, developers get full admin/root access to their personal machines.

  • by smoyeron 3/19/2022, 12:38:56 AM

    Yes