LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-29-2010, 10:29 PM   #16
OzzyBlood
LQ Newbie
 
Registered: Nov 2009
Distribution: Fedora 12
Posts: 23

Rep: Reputation: 16

Quote:
Originally Posted by schneidz View Post
i dont remember but i think fedora asks for the root passwd on a sudo.

now that i am playing with xbmc (debian based), when i do a sudo it asks for the user's passwd. it took me an hour to figure out what was wrong with the root passwd.

either way i just add myself to visudo.
I can't speak for earlier versions but I know fedora 12 uses the user password on sudo
 
Old 01-29-2010, 11:41 PM   #17
stonehinge03
LQ Newbie
 
Registered: Jan 2010
Posts: 21

Original Poster
Rep: Reputation: 15
"sudo su root" allows you to get the root prompt instead of all that sudo password asking.
 
Old 01-30-2010, 02:24 AM   #18
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
yes, and it is a REALLY REALLY BAD THING TO DO AND YOU WILL GO TO HELL and all that.

running su inside of sudo ruins the security model of both bits of code, there is much less audit trail and security. People doing this is so annoying becuase there's even a way to do exactly this properly in most sudo versions, using the -i option to give you a root shell.

IF you have to do something like that, then run "sudo -i" not "sudo su". and "sudo su root" is just a waste of 5 characters as root is assumed. Also not adding a - or a -l to the su part means you don't inherit the root user environment properly, paths are not modified etc, which is also a bad place to be.
 
Old 01-30-2010, 02:29 AM   #19
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
Quote:
Originally Posted by stonehinge03 View Post
Ha! So there is a distro that does the logical thing. I had to add a user to the "admin" group and that made that user and their password the de facto root account.
No, that is NOT logical based on the whole bloody point of sudo. If you're running a production server, then the root password should not be known or used to any extent, in order to provide security audit and such. sudoers files are instead securely managed to say that users of a certain group are allowed to do certain things as if they were root. The root password can be obscure and held in a vault somewhere under lock and key should direct root access be required. Otherwise an admin needs to log in with a human user account and have a good level of transparency over who did what.

It's not wrong, it's just a different security model than the one you want it to be. This does not make you right, and a million professional unix administrators wrong.
 
Old 01-30-2010, 03:08 AM   #20
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 5.4, Mac OS 10.4 (tiger)
Posts: 1,005

Rep: Reputation: 79
Quote:
Originally Posted by schneidz View Post
i dont remember but i think fedora asks for the root passwd on a sudo.

now that i am playing with xbmc (debian based), when i do a sudo it asks for the user's passwd. it took me an hour to figure out what was wrong with the root passwd.

either way i just add myself to visudo.
This should be configurable by adding options like add making a rootpw option and setting it to no... but I am not certain on how fedora handles it, I'll have a play around later when I get a fedora VM up and running to test it out.
 
Old 01-30-2010, 03:45 AM   #21
stonehinge03
LQ Newbie
 
Registered: Jan 2010
Posts: 21

Original Poster
Rep: Reputation: 15
Hmm. "sudo su root" drops you into a root shell complete with the number sign prompt. When I got ubuntu I was told that you couldn't get a root prompt but I tried the "sudo su" combination and got one.
 
Old 01-30-2010, 04:22 AM   #22
Disillusionist
Senior Member
 
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,036

Rep: Reputation: 96
The root account on Ubuntu is disabled by default, but it doesn't have to remain disabled.

All you have to do is set a root password.

Code:
sudo passwd root
Once root has a password, you can use su and specify the root password.

When using su I prefer to use the - option to get it to reset the environment variables (it's good to get in the habit)

Code:
su -
 
Old 01-30-2010, 04:23 AM   #23
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 5.4, Mac OS 10.4 (tiger)
Posts: 1,005

Rep: Reputation: 79
Ubuntu can be tricked in many ways to make a root shell, really it's done well enough so most newbies (as in new linux users as opposed to n00b l33ters) can not go around as root and destory everything but those that have enough knowledge to do it, still can. My favorite is sudo /bin/dash.

Personally I prefer the escalation method of having a normal user account to a super user account as opposed to direct super user logins.
 
Old 01-30-2010, 06:01 AM   #24
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
Quote:
Originally Posted by Disillusionist View Post
The root account on Ubuntu is disabled by default, but it doesn't have to remain disabled.

All you have to do is set a root password.

Code:
sudo passwd root
Once root has a password, you can use su and specify the root password.

When using su I prefer to use the - option to get it to reset the environment variables (it's good to get in the habit)

Code:
su -
It's not "disabled" it just has no password in line the security model. It's no tip nor trick to give it a passwd against recommendations and logic.
 
Old 01-30-2010, 06:03 AM   #25
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
Quote:
Originally Posted by r3sistance View Post
My favorite is sudo /bin/dash.
What is it with people and nasty hacks?

Still, in the sudo model dumped on me at work, our DBA's all have access to vi via sudo (and mv, cp, ifconfig, kill, init and rm), try making any sense of that...
 
Old 01-30-2010, 06:48 AM   #26
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 5.4, Mac OS 10.4 (tiger)
Posts: 1,005

Rep: Reputation: 79
This is only for Ubuntu, I generally don't like dealing with ubuntu too much, I deal more with servers and most of my work is usually emergency maintainance after someone has killed their own server thus root shells make things alot quicker, faster and more effecient then you know, creating new $PATH entries, retyping sudo, and searching for everything =P. However I don't like it when SSH is open to root, that's just asking for trouble in my opinion.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
sudo fails - "sudo: can't get hostname: Success" fantasygoat Linux - Server 3 10-01-2009 03:59 PM
Shell "at" and "sudo" question discomurder Programming 1 02-11-2009 07:38 PM
cannot "sudo apt-get uptate" or "sudo" anything! plz help mdguy21061 Linux - Newbie 7 04-14-2008 12:59 AM
how do I get around the "submit passwd" prompt in ubuntu even if I use "sudo"? t3gah Linux - Distributions 1 02-22-2005 05:42 PM
normal user want to perform "init 6" by using " sudo acbenny Linux - General 3 08-08-2004 08:41 AM


All times are GMT -5. The time now is 03:05 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration