Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Actually, the problem is with Ubuntu. Linux is (in practical temrs) effectively a free version of Unix, which includes sudo. It's just that Ubuntu decided to do things in a non-std way; that's not a fault of Linux, just that distro.
If you read this http://www.sudo.ws/sudo/history.html you'll see sudo isn't even part of the orig Unix; it's much younger.
Distribution: Cinnamon Mint 20.1 (Laptop) and 20.2 (Desktop)
Posts: 1,672
Rep:
Would I be correct in thinking that you are more a risk from these nasty people on the Internet if you are logged in as root and on-line? If you're logged in as Joe Soap, User, then anyone accessing your system would still have to discover your root password to enable them to create complete mayhem?
I was always told that to be continuously logged in as root was, in the words of Egon Spengler of Ghost Busters fame, "a bad thing"
Would I be correct in thinking that you are more a risk from these nasty people on the Internet if you are logged in as root and on-line? If you're logged in as Joe Soap, User, then anyone accessing your system would still have to discover your root password to enable them to create complete mayhem?
Yes, that is a good way of thinking about it. It is for the same reason that system level services, like a web server, ssh server or ftp server, will drop to running as an unprivileged user. If the system gets cracked, the bad guys only have unprivileged access and that does limit the damage they can do. And this is also why I think Ubuntu's implementation of root and sudo are brain dead. Essentially they've made one of the normal users "root" by giving it complete sudo access, so if the bad guys compromise that password, the machine is toast. On my Slackware boxes (which have a proper root account) I'm almost never doing anything as root, so if my normal account gets cracked, they still have to find another way to crack root.
Would I be correct in thinking that you are more a risk from these nasty people on the Internet if you are logged in as root and on-line? If you're logged in as Joe Soap, User, then anyone accessing your system would still have to discover your root password to enable them to create complete mayhem?
I was always told that to be continuously logged in as root was, in the words of Egon Spengler of Ghost Busters fame, "a bad thing"
Yes. As an aside, its just as bad to be logged in to a user account with admin privileges with windows. Not that many people paid any attention to that, which is part of why 2K/XP versions are so hackable, and why microsoft inroduced 'UAC' with vista. Though UAC is more like sudo than su.
Distribution: Cinnamon Mint 20.1 (Laptop) and 20.2 (Desktop)
Posts: 1,672
Rep:
@Hangdog.
Would it not be just as difficult for a cracker (I'm told hackers are nice guys who write Open Source code ) to find/guess Joe Soap's password if they broke in. Their using sudo wouldn't get them anywhere. If they were already logged in as root though... As they say, "The world would be their 'lobster' "
Not a security expert but: Logically I don't see a difference whether your underlying system uses "sudo" or "su" (or both) but rather, whether you launch your web browser as a normal user or with elevated privileges.
In other words, launching "firefox" is safe either way. Launching "sudo firefox" or "su", "firefox" are equally risky.
Would I be correct in thinking that you are more a risk from these nasty people on the Internet if you are logged in as root and on-line? If you're logged in as Joe Soap, User, then anyone accessing your system would still have to discover your root password to enable them to create complete mayhem?
I was always told that to be continuously logged in as root was, in the words of Egon Spengler of Ghost Busters fame, "a bad thing"
Play Bonny!
Yes, and no. "a bad thing" is totally subjective. If you want to run a web browser as root, then go ahead. Running your browser as root is only more of a security risk if some hacker was able to use some loophole in your browser to remotely modify your system, which is really unlikely.
I'm logged in as root now, go ahead, hack my computer.
Running a web browser does not mean you are running an ssh server with no password. Yes, holes exist, but its silly to assume that everyone has full access to your computer while logged in as root, thats called "paranoia".
@Hangdog.
Would it not be just as difficult for a cracker (I'm told hackers are nice guys who write Open Source code ) to find/guess Joe Soap's password if they broke in. Their using sudo wouldn't get them anywhere. If they were already logged in as root though... As they say, "The world would be their 'lobster'
You're getting to the heart of what I think is a major Ubuntu problem. Compare an Ubuntu machine to say a Fedora or Slackware machine. On the Ubuntu box, if the crackers manage to snag the normal users password, they essentially have root access since they can sudo any command, give the normal user's password, and have it run as root. As has been pointed out here, this is essentially the way Windows works. Now look at a Slackware/Fedora/Debian machine. The crackers manage to get the normal user password, but now if they try to sudo a command, they probably can't. If sudo is used properly, a normal user would only have sudo access to a couple of relatively harmless commands like shutdown. This means the bad guys now have to find another exploit that allows them root access. Now if the admin has been negligent and given the normal user complete sudo access, then they are in the same boat as Ubuntu.
In other words, every other distros worst-case scenario is Ubuntu's best case.
Quote:
Originally Posted by snowpine
Not a security expert but: Logically I don't see a difference whether your underlying system uses "sudo" or "su" (or both) but rather, whether you launch your web browser as a normal user or with elevated privileges.
I'm not a security expert either, but the differences here are more in the usage than the end result. You are right, a browser run with sudo or after su to root is essentially the same thing. The difference is really between the intended uses of the commands. Sudo was designed to give a normal user root-level access to a limited number of commands while su is intended to allow a user to become a different user. In practice, most people don't think that su is used for anything other than becoming root, but in its intended use, you could use it to become any other user such as apache, ftp, or even another normal user. For example, if you and I shared a computer, you could use su to run Firefox as hangdog (provided you knew my password), but you couldn't use sudo to do that.
Quote:
Originally Posted by prushik
Running your browser as root is only more of a security risk if some hacker was able to use some loophole in your browser to remotely modify your system, which is really unlikely.
Considering the frequency with which pretty much every browser rolls out security patches, I'd say "unlikely" is the last word I'd use to describe the risk. You're right, its your machine and your decision, but to be honest, I can't think of a single advantage to running anything as root that doesn't absolutely have to be. In my experience, people who insist on running as root all the time are generally stuck in a Windows-think world and have just been lucky enough not to get nailed. Or maybe more accurately, they haven't noticed that they've been nailed.
You're getting to the heart of what I think is a major Ubuntu problem. Compare an Ubuntu machine to say a Fedora or Slackware machine. On the Ubuntu box, if the crackers manage to snag the normal users password, they essentially have root access since they can sudo any command, give the normal user's password, and have it run as root. As has been pointed out here, this is essentially the way Windows works. Now look at a Slackware/Fedora/Debian machine. The crackers manage to get the normal user password, but now if they try to sudo a command, they probably can't. If sudo is used properly, a normal user would only have sudo access to a couple of relatively harmless commands like shutdown. This means the bad guys now have to find another exploit that allows them root access. Now if the admin has been negligent and given the normal user complete sudo access, then they are in the same boat as Ubuntu.
In other words, every other distros worst-case scenario is Ubuntu's best case.
Not that I am an Ubuntu user or have any interest in defending Ubuntu, however, the argument I see frequently is this: To hack an Ubuntu system, you need 2 pieces of information: the user password and user name. To hack a "su"-using system, you only need 1 piece of information, the root password (since the root user name is presumably "root").
So in your example above, let's say a bad guy does somehow find out my Ubuntu password. Unless he also knows my username, that password is useless. On the other hand if your Slackware root password is intercepted, then obviously the username is "root." It is exponentially more difficult to guess username/user password than root/root password.
ps That is a very good point you bring up about "su" being used to switch to users other than root.
Ubuntu locks the root account, making the end-user type sudo every time they want to do a root-level action, such as installing software.
In my opinion, Ubuntu's approach is a security issue. Most users will use a memorable, dictionary password for their personal account. The bad guys only need to crack the user password and that's it, the computer is done for. Of course, there are users who are foolish enough to give a weak root password on more traditional GNU/Linux systems, resulting in the same consequences as cracking a user password on Ubuntu.
I would advise the OP to switch to a distribution which ships with a root account if security is an issue.
Not that I am an Ubuntu user or have any interest in defending Ubuntu, however, the argument I see frequently is this: To hack an Ubuntu system, you need 2 pieces of information: the user password and user name. To hack a "su"-using system, you only need 1 piece of information, the root password (since the root user name is presumably "root").
So in your example above, let's say a bad guy does somehow find out my Ubuntu password. Unless he also knows my username, that password is useless. On the other hand if your Slackware root password is intercepted, then obviously the username is "root." It is exponentially more difficult to guess username/user password than root/root password.
ps That is a very good point you bring up about "su" being used to switch to users other than root.
Well thats kind of a silly argument, no offense. Usernames are displayed in plain text on the screen on every terminal, they aren't secure, nor are they meant to be. and you are forgetting the all important 3rd piece of information: a way to actually access your computer. If you are not running an ssh server or telnet server or something like that, then really you are only open to physical access, and if somebody has physical access to your machine and really wants to do damage, they can just use a hammer. Or they could use some other remote software (viruses, DOS attacks), which require either a mistake on your part (executing the malware), or a security hole in some of your machine's software, in which case they will not even need your password since you are already logged in.
Quote:
Originally Posted by Hangdog42
Considering the frequency with which pretty much every browser rolls out security patches, I'd say "unlikely" is the last word I'd use to describe the risk. You're right, its your machine and your decision, but to be honest, I can't think of a single advantage to running anything as root that doesn't absolutely have to be. In my experience, people who insist on running as root all the time are generally stuck in a Windows-think world and have just been lucky enough not to get nailed. Or maybe more accurately, they haven't noticed that they've been nailed.
Not necessarily. Some people (like myself) just don't like my computer trying to constrain me, its not that I am still a Window user at heart, I am a full time Linux user, and have been for years and years, I couldn't tell you the last time I used Windows.
and browser security patches are not a good way to prove a point about security, the frequency at which they are released is just another indication of how paranoid people are.
Let me ask you a question, do you personally know any Linux users that have had their computer "hacked"? The majority of "hackers" and people that create viruses are either totally unaware of the existence of Linux, or are avid Linux users that want to destroy Windows. Linux is hardly ever a target, without any security it is still the most low risk OS to run (besides BSDs and Solaris). If you were a high profile government organization guarding top-secret information, this type of security makes sense. For home users, not so much.
In practice, limiting root access only helps prevent users from destroying their own computers accidentally. and a proficient Linux user should know better. That's how I see it.
And besides, I'm surprised nobody mentioned this yet. Limiting root access could actually be a security RISK! We are all overlooking the possibility of your home computer becoming self aware. What would you do if that happened, huh? You computer knows all your passwords anyway, if you weren't logged in as root, a self aware computer could easily shut you out of your own machine in micro-seconds, if you are logged in as root, it could buy you just enough time to shut it down safely before it destroys the world. I think I made my point.
So in your example above, let's say a bad guy does somehow find out my Ubuntu password. Unless he also knows my username, that password is useless. On the other hand if your Slackware root password is intercepted, then obviously the username is "root." It is exponentially more difficult to guess username/user password than root/root password.
Well, as prushik suggested, I don't think usernames are a particularly difficult thing to come by relative to a password. Besides, if you use root for just its intended purpose, root's password will be exposed much less frequently than a normal users.
Quote:
Originally Posted by prushik
Let me ask you a question, do you personally know any Linux users that have had their computer "hacked"?
Personally? No, but that is a reflection of the fact that I don't know many Linux users outside of LQ. However, if you visit the Security forum here, you'll have no trouble finding all sorts of mischief that people have run into, including a recent zero-day exploit of exim.
Quote:
Originally Posted by prushik
The majority of "hackers" and people that create viruses are either totally unaware of the existence of Linux, or are avid Linux users that want to destroy Windows. Linux is hardly ever a target, without any security it is still the most low risk OS to run (besides BSDs and Solaris). If you were a high profile government organization guarding top-secret information, this type of security makes sense. For home users, not so much.
Again, if you hang out on the Security form, you'll see this just simply isn't true. The bad guys are very aware of Linux and the fact that it largely exists in the server world makes it a VERY high value target. From what I've seen, the bad guys currently make their money be recruiting into botnets, not the old-fashioned smash and grab. Destroying Windows actually costs them money because it reduces the number of botnet members. In this scenario, computers that are continually attached to the Intertubes and running 24/7 are coveted. I will grant you that out of the box, Linux is more secure than Windows, but an improperly secured Linux box can still easily run into trouble.
Quote:
Originally Posted by prushik
In practice, limiting root access only helps prevent users from destroying their own computers accidentally. and a proficient Linux user should know better. That's how I see it.
Certainly not running as root mitigates the mistakes one can make, but look at it this way, why take risks if you don't have to? In my experience, running as a normal user is perfectly fine the vast majority of the time. Once I get my computers set up, I'm rarely doing anything that needs root access. Nor do I notice not being root very often. So if I don't need it, why run the risk?
Quote:
Originally Posted by prushik
And besides, I'm surprised nobody mentioned this yet. Limiting root access could actually be a security RISK! We are all overlooking the possibility of your home computer becoming self aware. What would you do if that happened, huh? You computer knows all your passwords anyway, if you weren't logged in as root, a self aware computer could easily shut you out of your own machine in micro-seconds, if you are logged in as root, it could buy you just enough time to shut it down safely before it destroys the world. I think I made my point.
I've got a Sawzall out in the garage for just such an occasion!
Personally? No, but that is a reflection of the fact that I don't know many Linux users outside of LQ. However, if you visit the Security forum here, you'll have no trouble finding all sorts of mischief that people have run into, including a recent zero-day exploit of exim.
That's why I said personally, of course you can find somebody online that got their machine messed up because it was improperly secured. After all, you can find anything on the internet. Also be aware of the fact that not everybody who SAYS they got "hacked", actually got hacked, many of them did it themselves accidentally and blame hackers because they don't know what they did. There are exploits, yes, hackers use them, yes. Not denying that.
Quote:
Originally Posted by Hangdog42
Again, if you hang out on the Security form, you'll see this just simply isn't true. The bad guys are very aware of Linux and the fact that it largely exists in the server world makes it a VERY high value target. From what I've seen, the bad guys currently make their money be recruiting into botnets, not the old-fashioned smash and grab. Destroying Windows actually costs them money because it reduces the number of botnet members. In this scenario, computers that are continually attached to the Intertubes and running 24/7 are coveted. I will grant you that out of the box, Linux is more secure than Windows, but an improperly secured Linux box can still easily run into trouble.
You changed subjects on me here, I did make this distinction: I'm talking home or office users, not servers. Obviously on a server thats open to the public there is a much greater and real risk. Everything I set up is either for my own personal use (home or office, web browsing, software development, etc) or contained on our company intranet (not even connected to the internet at all), or a hobby embedded device. It may be a bad assumption, but I assume most users here at LQ (especially on the software forum) are home users, and not server admins.
and I still stand by my previous assertion about the majority of malicious computer users, just look at the sheer quantity of viruses available for windows.
Quote:
Originally Posted by Hangdog42
Certainly not running as root mitigates the mistakes one can make, but look at it this way, why take risks if you don't have to? In my experience, running as a normal user is perfectly fine the vast majority of the time. Once I get my computers set up, I'm rarely doing anything that needs root access. Nor do I notice not being root very often. So if I don't need it, why run the risk?
Because some people might want to. Because I don't like when my computer (which I own) tell me what I can and can't do.
Quote:
Originally Posted by Hangdog42
I've got a Sawzall out in the garage for just such an occasion!
Good to know you are prepared. I prefer a sledge hammer, I keep one at my desk just in case, but to each his own.
Security is not a bad thing.
It just really bothers me when somebody posts on this forum saying "I can't figure out how to ..." and people respond by saying "DONT DO THAT! ITS BAD!"
Some people use their machines differently than others and its ok to take security risks for some users. Just because somebody uses their computer differently than you doesn't mean they are doing it "wrong" or that its "bad".
Now obviously, you should warn somebody if they post a question like "'dd if=/dev/random of=/dev/sda' isn't working, what should I do?", but there are actually circumstances where that is a useful command and a valid question. We should say something like "whoa, be careful with that command, it could overwrite your hard drive with random data. but its probably because you don't have root privileges."
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.