Okay, call me naive...

I've installed (and used) sudo on a number of distros (debian, ubuntu, gentoo) and I can not understand the security in it. Perhaps I have it set up wrong? (and always have?)

Okay, so is it supposed to be that when sudo asks you for a password you type in the user's password? Wouldn't that mean that anyone who knows the password of the user can run applications/commands as root?

I'm sorry, it would just make more sense to me if it actually asked you for the *root* password instead. Just my two cents.

Read this:

https://wiki.ubuntu.com/RootSudo

Okay, that was a nice read, and some good information about sudo, but I don't see how the article addresses the security issues at stake. If a hacker can get into your system's sudo-priveleged user's account (considering I run linux as a desktop, that's not extremely important to me...despite a few days of troubleshooting), I believe it would be a lot easier for him to do serious damage.

For the hacker to compromise your system, he must simply learn the user password (with most of the people I know, that's the same password they use for everything; phishing would work against the n00b no problem), then sudo whatever commands he wants with the user password, such as "rm -Rf /" or something. Heheheh...

I guess that's a pretty far-fetched scenario, but it /does/ feel a bit less secure to me.

According to the article, however, it would seem that the security (in theory) is the same as su, but I believe in practice it is somewhat less secure.

But therein lies your security problems.

1) Using the same password for everything is a serious security risk.
2) If you are a user with sudo privileges then it is your responsibility to make sure that your password is -not- easy to guess. An individual user's password should be just as "sacred" as root's password.
3) "N00bs" should not be given sudo privileges.

A responsible sys admin would only give sudo privileges to responsible users, and a user that can't pick a good password is not a responsible user. Also, you can limit the commands available via sudo to various users, but that doesn't change the fact that picking bad passwords is not a good thing to do.

Depending on what you are trying to do, you may also want to consider not using sudo and doing things another way. For example, if you are letting users have sudo privileges so that they can say, run a program that writes to a file in a place only root has access to; consider setuid'ing that program to root (and making sure only root has write access to the binary itself) instead if you trust the program more than the users and you know the program can't do anything evil.

Also, that link does mention security issues and compares it with su and not using sudo at all.

Jason

But how is that any different from the theoretical hacker "simply" learning the root password. If someone keeps a lousy username password, she's also likely to keep a lousy (i.e., easy-to-guess) root password.

Also, if you have to log in as root or su, it's possible to just leave yourself logged in there for a while. You have to sudo every command you put in.

Not true. You can leave yourself logged in via sudo the same way as with su. Done like this:
# sudo su -

A benefit of sudo that has been missed in this thread is the fact that it can be configured for its own passwords. See this URL for more details:
http://www.ducea.com/2006/06/18/linu...sswd-nopasswd/

Set up properly, the user would have to do this in order to gain root access:

- Log on to the machine with the appropriate username and the user's password
- Run commands as root via sudo, using his/her specific sudo password.

This adds an extra layer of security. Compromising the user's account password doesn't compromise root access, unless both passwords are compromised.

Well, actually no, done like this: sudo -s see man 8 sudo.

And you can configure sudo to use the root password if you like. But I believe that locking root is more secure, since the hacker theoretically has to guess your username + password, when root's username is just... "root".

Yeah, that is it, most hackers instinctively present themselves as "root". The absence of root is an extra hurdle for them to take.

The problem I see with "sudo" is that when you install Ubuntu (for example) it ask you for the default user/password which has "sudo" privileges.

If the person is installing Ubuntu for the first time and has almost no experience with Linux (and maybe believes that it would be the same as in Win.) then it would choose an easy username and easy password (to prevent forgetting it).

So, because it has "sudo" privileges, technically any person could guess the username/password if can get some information about that person (emails usernames, forum usernames, etc...). Maybe not that easy...

Even this post was created in 2005, still worthy to talk about it...

Cheers!

You guys are missing the point of sudo.

Sudo is meant to allow non-root users to run very specific commands as root. The key words to think about are "very specific commands".

It is extrememly bad form to allow a user to run any command, or even open-ended commands as root. Some BAD examples would be allowing a user to 'sudo bash', 'sudo rm', etc.

The proper usage to allow a user to delete files would be to put specific rm commands in a batch file that delete a specific directory, and then give the user rights to run the script as sudo. The point being that you restrict any additional or unforseen opportunity for the user to modify, expand, or change what they are allowed to do as root.

The purpose of asking the user to type in a password is an additional security measure for the id10T user that is granted sudo access and still doesn't secure their terminal during the day - that would allow anyone to come up and 'sudo -l' and run all the sudo commands available to them without authentication.

Okay.. I don't get it, can you explain the difference between sudo -s, sudo bash, and sudo su, assuming bash is the default shell? I don't think any of them initialize the environment like a root login (add the - after su to get that), so why did you say "actually, no, rtfm"?

sudo su or sudo su - are redundant. sudo bash or sudo bash -l will start bash, but I, for example, am a zsh user and some other people prefer tcsh, etc.

So if you want a shell to perform administration,you should start it with sudo -s or sudo -i if you insist on having a login shell. For more options, you can also play with the env_keep options in the sudoers file.

Now, I am not sure why you would actually want a login shell. Maybe you can enlighten me.

For not create a unnecessary topic i don't understand this so much. I need tu use the terminal but it asks for a sudo password. It don't let me write nothing :s Anyone knows what it is?

Thanks

it is asking for your password (not root) and it will not echo it back to you. just type it in.

To reinforce the Admiral's post #10, the original idea of sudo was for root to allow a 'normal' user eg an operator to run a specific privileged cmd eg tape backup on a specific box (or boxes).
This is how the sudoers file is designed, if you read the extensive doc at the top of the file.
The fact that so many people set it as

sudo su -

is the admins fault, not the SW's, it was never meant for that abuse. Ubuntu doesn't help by locking the true root acct, thereby requiring a 'sudo su -' enabled acct to actually admin the box.
Its totally against the *nix way and only they do it.(afaik).