LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-13-2014, 11:09 AM   #31
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 4,037

Rep: Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099

Great suggestions for proper configuration of 'sudo'---thanks!

Quote:
Originally Posted by suicidaleggroll View Post
Where are you seeing that?
The "forbidden" command (sudo passwd root) can be found by googling "ubuntu root password" (it's the #1 search result) or by reading the Sticky thread at UbuntuForums:

https://help.ubuntu.com/community/RootSudo

Last edited by snowpine; 06-13-2014 at 11:24 AM.
 
Old 06-13-2014, 12:43 PM   #32
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,258

Rep: Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947
How often do you need root privileges? If it's rarely, or if it's often but just for specific tasks, then I would enable the root account, tuck the password away somewhere safe, and restrict your sudo access to just those few commands you need commonly. If you're regularly performing activities that require full root access to a wide variety of commands, then it probably wouldn't make much difference either way.

As the primary developer of a scientific sensor used for research/education, a few years ago I visited a university to help them with the installation and setup of a new lab for the students. The computers were all Linux machines due to the toolchains required for the sensors they would be using, and the IT guy at the university decided to use Ubuntu for his own reasons. Since this was a university lab, all machines were set up the same way, with a common lab user with a known password for all of the students to use. Naturally, this was the first user set up on the machines, which means it was permitted full sudo access, and being a lab, the user name and password for the account was written on the white board at the back of the room.

ANYBODY could walk into this lab and wipe out the entire network of machines within a minute, or install malware, or do anything they felt like doing. This is the kind of environment that Ubuntu's "security policy" results in. Lazy or ignorant admins inadvertently giving everybody in the world full root control of their machines. I mentioned this to the IT guy there, but he didn't seem interested, and it wasn't my place to "drive the point home", so that's how it was left. They'll probably be re-installing the OS on those machines a couple of times a year due to corruption, be it accidental or malicious, by the students or anybody else who happens to walk by the room when it's unlocked. This is the same thing that happens with Windows. Set up an account, let it do anything, let anybody use it, viruses ensue. The same admin would have to go out of his way to make a more "traditional" Linux system this insecure, but that's just "the way it is" on Ubuntu right out the box.

I guess that's really what it boils down to. On a traditional Linux system you have to go out of your way to compromise its security. On Ubuntu you have to go out of your way to make it secure. The starting point, and where most users leave the system permanently, is the difference.
 
Old 06-13-2014, 12:54 PM   #33
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,004

Rep: Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620
I have to agree that the sudo setup on Ubuntu seems a little ill thought out. On servers fine-grained sudo makes sense but Ubuntu doesn't do that. On PCs where there's a single user then root makes sense as there is only one person anyhow.

As an aside -- I bought a Raspberry Pi recently and I am totally appalled at the sudo set-up on it. I may start a new topic as it really has me gobsmacked.
 
Old 06-14-2014, 03:18 AM   #34
orasis
Member
 
Registered: Mar 2008
Distribution: Slackware, Free-BSD
Posts: 53

Rep: Reputation: 33
I also thought about distribution upgrades, upgrades almost always fail ... apt was not really designed for that. Ubuntu has coders, I don't see why they can't design an upgrade program that will actually work.
 
Old 06-14-2014, 11:06 AM   #35
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,258

Rep: Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947Reputation: 1947
Quote:
Originally Posted by orasis View Post
I also thought about distribution upgrades, upgrades almost always fail ... apt was not really designed for that. Ubuntu has coders, I don't see why they can't design an upgrade program that will actually work.
Meh, opensuse's upgrade process doesn't work either, same with rhel/centos, fedora, and all other distros I've tried.
 
Old 06-14-2014, 12:54 PM   #36
rokytnji
Senior Member
 
Registered: Mar 2008
Location: Waaaaay out West Texas
Distribution: AntiX 15 , Slackel 14.1, ChromeOS
Posts: 4,701
Blog Entries: 19

Rep: Reputation: 1960Reputation: 1960Reputation: 1960Reputation: 1960Reputation: 1960Reputation: 1960Reputation: 1960Reputation: 1960Reputation: 1960Reputation: 1960Reputation: 1960
Gee whiz. As usual. Out here in the other end of the planet. I did not get the memo.

http://www.imagebam.com/image/d8ca39333119778
 
Old 06-15-2014, 07:59 AM   #37
Knightron
Senior Member
 
Registered: Jan 2011
Location: Australia
Distribution: OpenSUSE
Posts: 1,390
Blog Entries: 7

Rep: Reputation: 164Reputation: 164
Quote:
Originally Posted by orasis View Post
upgrades almost always fail ... apt was not really designed for that.

Yes it was, and it works exactly the way intended. If it doesn't work in Ubuntu, it's because of poor package design, or lack of testing, (maybe both), by designers.
 
Old 06-17-2014, 01:19 PM   #38
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 4,037

Rep: Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099
When I used to hang out at UbuntuForums, 9 out of 10 failed release-upgrades were reported by users who had added unofficial repos (such as various PPA's) to their software sources. (I also saw a lot of garbage sources.list files, for example users who follow random online tutorials for the wrong release, such as mixing "precise" repos with their "trusty" system, or even heaven forbid mixing Ubuntu and Debian repos, yes I have seen this!!) Users who had installed only Canonical-tested software from the main repos generally had a smoother upgrade path. (This was a couple of years back, so I can't testify as to the current situation.)

That said, I am a big fan of the "test first in Live mode, then if the new release pleases you, do a backup and fresh reinstall" technique; it just feels cleaner and more likely to result in a stable system.

Last edited by snowpine; 06-17-2014 at 01:22 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Ubuntu 13.10: 8 Solid Reasons to Upgrade LXer Syndicated Linux News 0 10-22-2013 05:01 PM
LXer: Five reasons to be excited for Ubuntu 12.04 LXer Syndicated Linux News 0 04-25-2012 06:10 PM
LXer: 5 Reasons Why You Should Switch to Windows 7 (And 5 More Reasons Why You Should LXer Syndicated Linux News 0 10-24-2009 12:50 PM
LXer: 9 reasons to switch from Windows to Ubuntu LXer Syndicated Linux News 1 05-27-2009 06:02 PM
LXer: 7 reasons why Ubuntu is so successful LXer Syndicated Linux News 0 10-15-2007 07:40 AM


All times are GMT -5. The time now is 10:21 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration