Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Void, Linux From Scratch, Slackware64
Posts: 3,150
Rep:
If you don't have sudo you can't do anything that needs admin privileges as a normal user, also a number of packages use sudo as a backend, of course if you don't add a user to the sudoers file in /etc that user can't use sudo anyway so sudo is pretty secure, unless you know what you are doing I would leave sudo alone.
I think you need to "administer" sudo and properly configure it so that it can safely be used. The regular users will need root privileges from time to time and sudo is the best manner to give it to them.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Personally I'm not convinced of the value of sudo on a single-user system, and haven't found a use for it myself, but on a server it is usually used to increase security as it can be used to give minimal permissions where needed.
I have a few cron jobs that run under my regular ID but need root privilege to do one or two specific things (e.g., reading the counts from some iptables rules). I can set up sudoers to allow my ID to run just those exact commands with no password. Any other way would be granting more privilege than is needed.
I have a few cron jobs that run under my regular ID but need root privilege to do one or two specific things ...
... whereas my personal "take" on this point would be, "where is the 'bright line rule™' here?"
The computer cannot distinguish between "a sudo request issued by <<user-X>> in a cron job," from ... "any other sudo request issued by <<user-X>>."
From the computer's point of view, "either: <<user-X>> is allowed to 'use sudo', or: 's/he is not.'"
If you need to do "certain things" that are "an exception to the rule" for your <<user-X>>, then you should arrange to have them be performed under the auspices of a different user-ID, which has elevated privileges and which is expressly used for no other purpose. Only then, does "the binary machine" have "a binary bright-line rule" that it can actually use and enforce.
... whereas my personal "take" on this point would be, "where is the 'bright line rule™' here?"
The computer cannot distinguish between "a sudo request issued by <<user-X>> in a cron job," from ... "any other sudo request issued by <<user-X>>."
It doesn't need to. The commands are harmless, collecting certain statistics from the networking. The sudoers lines permit those particular commands to be run only with those exact arguments. Anyone who gets into my ID and is really interested in how many bytes were sent and received on interface eth1 can run them. That would be about the least harmful thing they could do.
Creating another ID with elevated privileges would represent a much more serious security hole unless done very, very carefully. sudo takes that care for me.
First, there are different ways to configure sudo. Some ways are secure, some are not.
If you configure sudo yourself for a user, and understand what you are doing, then it can be secure.
If you just use sudo as you would su (with full privileges), then I believe it is less secure than su. The main difference being one password versus two different passwords. Although you do have to put in a password every time you run a command with sudo or su, the fact that su requires a different password makes it more secure.
A user password is typically used more often than the root password, or that's the way it should be. I mean, I login to my computer every day with my user password, but I don't necessarily use my root password every day. The Ubuntu argument is that sudo is better because it prevents users from running as root. This is not entirely correct. Using sudo is definitely better than running as root, but using a different password for root is better still.
For newbies/Ubuntu users it works pretty well, but isn't optimal IMO.
You do not need to disable sudo, but you should know what it is and how to configure it.
First, there are different ways to configure sudo. Some ways are secure, some are not.
If you configure sudo yourself for a user, and understand what you are doing, then it can be secure.
If you just use sudo as you would su (with full privileges), then I believe it is less secure than su. The main difference being one password versus two different passwords. Although you do have to put in a password every time you run a command with sudo or su, the fact that su requires a different password makes it more secure.
A user password is typically used more often than the root password, or that's the way it should be. I mean, I login to my computer every day with my user password, but I don't necessarily use my root password every day. The Ubuntu argument is that sudo is better because it prevents users from running as root. This is not entirely correct. Using sudo is definitely better than running as root, but using a different password for root is better still.
For newbies/Ubuntu users it works pretty well, but isn't optimal IMO.
You do not need to disable sudo, but you should know what it is and how to configure it.
I agree here and it better echoes my original sentiment that you should keep sudo and learn how to properly configure it so that any security concerns are alleviated.
... whereas my personal "take" on this point would be, "where is the 'bright line rule™' here?"
The computer cannot distinguish between "a sudo request issued by <<user-X>> in a cron job," from ... "any other sudo request issued by <<user-X>>."
From the computer's point of view, "either: <<user-X>> is allowed to 'use sudo', or: 's/he is not.'"
Um... sudo can prevent the usage to the command specified in the configuration file for that specific user.
Now doing something stupid like adding an editor (or allowing access to a shell) in there is a different thing.
Quote:
If you need to do "certain things" that are "an exception to the rule" for your <<user-X>>, then you should arrange to have them be performed under the auspices of a different user-ID, which has elevated privileges and which is expressly used for no other purpose. Only then, does "the binary machine" have "a binary bright-line rule" that it can actually use and enforce.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
