Changing Root and Sudo pass
Might be a dumb question but is making the root password different from sudo password a good idea? I read that sudo obfuscates the root's password, so Idk if changing the root pass would interfer with that, or reduce security.. Also how would I know which setuid programs query other setuid programs in order to complete it's operation, is it hinted or referenced somewhere in the man pages? And would the targetpw flag in visudo negate the need for querying passwd? Thank you in advance!!
|
The sudo password is that of the user invoking the sudo command so it should not be the root password. In other words if user1 is issuing a command with sudo then user1 would use his/her password not root's. That is the purpose of sudo, so a normal user can execute a command as root without being root and no need to know the root password.
|
Thanks for the reply but why then on Ubuntu does the first user that's created with the installation use the default password (pass you setup during installation) for both sudo and root.. Of course I know that other users should not use the root password for their sudo, but for the admin is it ok? I guess it should be since it does this by default, but would changing either the sudo or root pass so that their not the same make it more secure?
|
There's no such thing as a 'sudo password' (as far as I-newbie-too know)!
It is *the user's*, different for each user. (like a website verifying YOUR pwd [to edit profile]) From this (#7) it looks like Ubuntu doesn't ask for a root password! Strange...other 'distro's do. Can someone explain (what's Ubuntu's *root* password?) Oh: it's "locked", so *su* (not meaning sudo) &login as root won't work. Apparently, it's possible to: sudo passwd root (to give root a password you choose) |
The general idea behind using "sudo" is that of least privilege. Accounts should have just enough access to get their jobs done, no more, no less. The way many distros apply "sudo" doesn't make that obvious because they just open the system wide open by default instead of providing a demo of the granularity available in "sudo"
I have no influence on the direction Ubuntu and Linux Mint take but if I were setting the defaults for /etc/sudoers, I would propose something like this for the initial default: Code:
%sudo ALL=(root:root) /usr/sbin/visudo "" Code:
%sudo ALL=(root:root) /usr/bin/apt-get There's more, but "sudo" is surprisingly advanced. Michael W Lucas covers it in his presentation sudo : you're doing it wrong and in his fairly concise book, sudo Mastery. Those two resources can be skimmed quickly to find the parts interesting for you, then you can dig deeper in the manual page for sudoers Code:
man sudoers |
OK ok mybad I remember sudo is just a group and by default the first user would be in that group (but why if their already in the admin group?) and then you enter your own user password.. And I meant Mint I apologize, but you can login to Ubuntu as root with sudo -i..
|
Quote:
For that reason, it is a good idea for Ubuntu users to always make a second account and use that second account for daily activities, leaving the first account only for when administration is necessary. Same for Linux Mint and others that have the same defaults. |
Quote:
|
Quote:
|
|
Quote:
|
Quote:
|
Quote:
|
Quote:
|
Interesting stuff indeed, but I think it would just make people more Linux/GNU aware, and would inspire trying out different distros as a result. But idk everyone seems so content with Mac and Windows regardless..
|
All times are GMT -5. The time now is 08:03 AM. |