LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Changing Root and Sudo pass (https://www.linuxquestions.org/questions/linux-newbie-8/changing-root-and-sudo-pass-4175590536/)

linux4evr5581 10-01-2016 01:21 AM

Changing Root and Sudo pass
 
Might be a dumb question but is making the root password different from sudo password a good idea? I read that sudo obfuscates the root's password, so Idk if changing the root pass would interfer with that, or reduce security.. Also how would I know which setuid programs query other setuid programs in order to complete it's operation, is it hinted or referenced somewhere in the man pages? And would the targetpw flag in visudo negate the need for querying passwd? Thank you in advance!!

lazydog 10-01-2016 01:46 AM

The sudo password is that of the user invoking the sudo command so it should not be the root password. In other words if user1 is issuing a command with sudo then user1 would use his/her password not root's. That is the purpose of sudo, so a normal user can execute a command as root without being root and no need to know the root password.

linux4evr5581 10-01-2016 02:11 AM

Thanks for the reply but why then on Ubuntu does the first user that's created with the installation use the default password (pass you setup during installation) for both sudo and root.. Of course I know that other users should not use the root password for their sudo, but for the admin is it ok? I guess it should be since it does this by default, but would changing either the sudo or root pass so that their not the same make it more secure?

Jjanel 10-01-2016 02:31 AM

There's no such thing as a 'sudo password' (as far as I-newbie-too know)!
It is *the user's*, different for each user. (like a website verifying YOUR pwd [to edit profile])
From this (#7) it looks like Ubuntu doesn't ask for a root password!
Strange...other 'distro's do. Can someone explain (what's Ubuntu's *root* password?)
Oh: it's "locked", so *su* (not meaning sudo) &login as root won't work.
Apparently, it's possible to: sudo passwd root (to give root a password you choose)

Turbocapitalist 10-01-2016 03:01 AM

The general idea behind using "sudo" is that of least privilege. Accounts should have just enough access to get their jobs done, no more, no less. The way many distros apply "sudo" doesn't make that obvious because they just open the system wide open by default instead of providing a demo of the granularity available in "sudo"

I have no influence on the direction Ubuntu and Linux Mint take but if I were setting the defaults for /etc/sudoers, I would propose something like this for the initial default:

Code:

%sudo ALL=(root:root) /usr/sbin/visudo ""
However, to have mercy on beginners, it would also have to include something like the following or the graphical equivalent:

Code:

%sudo ALL=(root:root) /usr/bin/apt-get
Those two lines would make users in the group "sudo" able to install or remove packages as well as customize "sudo".

There's more, but "sudo" is surprisingly advanced. Michael W Lucas covers it in his presentation sudo : you're doing it wrong and in his fairly concise book, sudo Mastery. Those two resources can be skimmed quickly to find the parts interesting for you, then you can dig deeper in the manual page for sudoers

Code:

man sudoers

linux4evr5581 10-01-2016 03:11 AM

OK ok mybad I remember sudo is just a group and by default the first user would be in that group (but why if their already in the admin group?) and then you enter your own user password.. And I meant Mint I apologize, but you can login to Ubuntu as root with sudo -i..

Turbocapitalist 10-01-2016 03:19 AM

Quote:

Originally Posted by linux4evr5581 (Post 5612320)
you can login to Ubuntu as root with sudo -i..

Yes, that's an example of it being a bit too loose and not showing what it can do.

For that reason, it is a good idea for Ubuntu users to always make a second account and use that second account for daily activities, leaving the first account only for when administration is necessary. Same for Linux Mint and others that have the same defaults.

linux4evr5581 10-01-2016 03:19 AM

Quote:

Originally Posted by Turbocapitalist (Post 5612317)
The general idea behind using "sudo" is that of least privilege. Accounts should have just enough access to get their jobs done, no more, no less. The way many distros apply "sudo" doesn't make that obvious because they just open the system wide open by default instead of providing a demo of the granularity available in "sudo"

I have no influence on the direction Ubuntu and Linux Mint take but if I were setting the defaults for /etc/sudoers, I would propose something like this for the initial default:

Code:

%sudo ALL=(root:root) /usr/sbin/visudo ""
However, to have mercy on beginners, it would also have to include something like the following or the graphical equivalent:

Code:

%sudo ALL=(root:root) /usr/bin/apt-get
Those two lines would make users in the group "sudo" able to install or remove packages as well as customize "sudo".

There's more, but "sudo" is surprisingly advanced. Michael W Lucas covers it in his presentation sudo : you're doing it wrong and in his fairly concise book, sudo Mastery. Those two resources can be skimmed quickly to find the parts interesting for you, then you can dig deeper in the manual page for sudoers

Code:

man sudoers

Thanks for the tips I might use that policy!

linux4evr5581 10-01-2016 03:24 AM

Quote:

Originally Posted by Turbocapitalist (Post 5612322)
Yes, that's an example of it being a bit too loose and not showing what it can do.

For that reason, it is a good idea for Ubuntu users to always make a second account and use that second account for daily activities, leaving the first account only for when administration is necessary. Same for Linux Mint and others that have the same defaults.

Good to know I was just missing/forgot a few fine points about sudo that you,lazydog, and jjanel mentioned (haven't messed with it in awhile) anyways thanks again

Habitual 10-01-2016 04:58 AM

Sudo: you're doing it wrong.
https://help.ubuntu.com/community/RootSudo
https://wiki.debian.org/sudo
https://wiki.archlinux.org/index.php/Sudo

Every distro ships with sudo?

BW-userx 10-01-2016 01:36 PM

Quote:

Originally Posted by linux4evr5581 (Post 5612310)
Thanks for the reply but why then on Ubuntu does the first user that's created with the installation use the default password (pass you setup during installation) for both sudo and root.. Of course I know that other users should not use the root password for their sudo, but for the admin is it ok? I guess it should be since it does this by default, but would changing either the sudo or root pass so that their not the same make it more secure?

you do not get a root in ubuntututututu they think they know best for everyone .. so they deveate LINUX/GNU ~ UNIX Norms ...

linux4evr5581 10-01-2016 02:16 PM

I think with Debian you have to install it, unless they changed it..

linux4evr5581 10-01-2016 02:17 PM

Quote:

Originally Posted by BW-userx (Post 5612495)
you do not get a root in ubuntututututu they think they know best for everyone .. so they deveate LINUX/GNU ~ UNIX Norms ...

I'm assuming that's why theres quite a few variations of it..

BW-userx 10-01-2016 03:01 PM

Quote:

Originally Posted by linux4evr5581 (Post 5612515)
I'm assuming that's why theres quite a few variations of it..

personaly I think they are trying to mimic Windows a close as possiable without being called a sell out to windows to get more people leaving Windows to use there version then the other ones that are actually more not windows. it is an evil conspiracy plot I TELL YA!!! :doh: from what I've lightly read windows is now trying to widdle its way into the linux world. be carefull they put netscape out of busness by thier pratices of trying to make the windows os a completely internet aware OS, you could actually use the fielmanager to get to in internet instead of their crapy web browser that always crashes and still does, that what I did, anyways, that made too many secritiy leaks so they had to pull back a little, but it was their long enough to put netscape out of bussness.

linux4evr5581 10-01-2016 03:18 PM

Interesting stuff indeed, but I think it would just make people more Linux/GNU aware, and would inspire trying out different distros as a result. But idk everyone seems so content with Mac and Windows regardless..


All times are GMT -5. The time now is 08:03 AM.