LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > MEPIS
User Name
Password
MEPIS This forum is for the discussion of MEPIS Linux.

Notices

Reply
 
LinkBack Search this Thread
Old 10-10-2006, 07:55 PM   #16
MBA Whore
Member
 
Registered: May 2006
Location: Kansas City, MO
Distribution: Ubuntu / Windows dual boot (for now)
Posts: 515

Original Poster
Rep: Reputation: 30
For rick or anyone reading. . .how safe is "sudo?"


rick, you mentioned that "sudo" gives you root power for that one command and only that one command.

Did I get that right, or did I misquote / misunderstand you?

In any case, whether "sudo" grants root power for one command or many commands, I have this question:

How safe is "sudo?"


Think about it like this:

With "sudo" all you need to type to gain God status are 4 letters that everyone knows: sudo.

On the other hand, if you have a root password that only you know, then only you can have God status. A root password provides a security hurdle that only the administrator can over-ride.

From this p.o.v. it seems that "sudo" is a disaster waiting to happen.

Even if "sudo" gives you root power for only one command, that still is root power in the hands of any user, not just the administrator.

What is to stop a troublesome average user from dropping one well placed "sudo" command to screw the entire system?

I'm not trying to flame "sudo" but I am just shocked to learn this and trying to describe the issue to the best of my understanding.

Please clarify and help me out.
 
Old 10-10-2006, 08:53 PM   #17
Sepero
Member
 
Registered: Jul 2004
Location: Tampa, Florida, USA
Distribution: Ubuntu
Posts: 733
Blog Entries: 1

Rep: Reputation: 30
No, I believe sudo only works for the user that installed the system.

Every other user does not have default access to sudo.

It's the exact same setup as on Apple computers. In fact, it was copied from them.

Irregardless, as I said before, a root user can easily be setup on any Ubuntu system if the user wants to do that.
 
Old 10-10-2006, 09:08 PM   #18
rickh
Senior Member
 
Registered: May 2004
Location: Albuquerque, NM USA
Distribution: Debian-Lenny/Sid 32/64 Desktop: Generic AMD64-EVGA 680i Laptop: Generic Intel SIS-AC97
Posts: 4,250

Rep: Reputation: 59
Quote:
No, I believe sudo only works for the user that installed the system.
Sudo works for anyone in the "sudo" group. I believe Ubuntu defaults the 1st user created into that group, but if you add additional users, you have to add them on purpose.

Ubuntu isn't unique in sudo availability. You can set it up on any distro. Ubuntu is just the only distro that is designed to encourage its use.

EditActually, simply being in the "sudo" group isn't the key. I put myself in the sudo group and tried to execute a privledged command. Error: You are not on the sudoers list. This incident will be reported.

I did a cat on /etc/sudoers, and it said I had to use a special program as root to edit the list. Didn't feel like reading the man page to see just how to go about that. It's pretty secure.

I've been thinking about setting it up on my system. One of these days pretty soon I will.

Last edited by rickh; 10-10-2006 at 09:26 PM.
 
Old 10-10-2006, 09:53 PM   #19
MBA Whore
Member
 
Registered: May 2006
Location: Kansas City, MO
Distribution: Ubuntu / Windows dual boot (for now)
Posts: 515

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by Sepero
No, I believe sudo only works for the user that installed the system.

Every other user does not have default access to sudo.

It's the exact same setup as on Apple computers. In fact, it was copied from them.

Irregardless, as I said before, a root user can easily be setup on any Ubuntu system if the user wants to do that.

Sepero. . .do you use sudo on MEPIS 6? Or do you use the traditional su method?

I have been thinking about upgrading to MEPIS 6, but I heard it uses Ubuntu reps, which has scared me off, since I don't understand Ubuntu.

Regardless, how do you like MEPIS 6?
 
Old 10-10-2006, 09:56 PM   #20
MBA Whore
Member
 
Registered: May 2006
Location: Kansas City, MO
Distribution: Ubuntu / Windows dual boot (for now)
Posts: 515

Original Poster
Rep: Reputation: 30
become root before you can

Quote:
Originally Posted by rickh
Sudo works for anyone in the "sudo" group. I believe Ubuntu defaults the 1st user created into that group, but if you add additional users, you have to add them on purpose.

Ubuntu isn't unique in sudo availability. You can set it up on any distro. Ubuntu is just the only distro that is designed to encourage its use.

EditActually, simply being in the "sudo" group isn't the key. I put myself in the sudo group and tried to execute a privledged command. Error: You are not on the sudoers list. This incident will be reported.

I did a cat on /etc/sudoers, and it said I had to use a special program as root to edit the list. Didn't feel like reading the man page to see just how to go about that. It's pretty secure.

I've been thinking about setting it up on my system. One of these days pretty soon I will.

rickh. . .if I understand correctly, you are saying that you must become root before you can add / delete users to / from the "sudo group?" Correct?
 
Old 10-11-2006, 06:16 AM   #21
Sepero
Member
 
Registered: Jul 2004
Location: Tampa, Florida, USA
Distribution: Ubuntu
Posts: 733
Blog Entries: 1

Rep: Reputation: 30
I use the "su" method. I've been using Mepis 6.0 for about a month now and I like it better than the 3.4.x versions. Although, often times I think it could be much better. I should soon be testing out Freespire and the new PCLinuxOS, to see how they compare.
 
Old 10-22-2006, 04:21 AM   #22
teferra
LQ Newbie
 
Registered: Oct 2006
Posts: 1

Rep: Reputation: 0
my first post. Hi all

If you do "sudo su" in ubuntu you get a root shell which does not require you to type sudo again. Also there is a root shell shortcut in the menu.

The only thing i did not find yet is a graphical access to root. But you can start all only root apps by giving the first user password. I guss one cccan say there is realy no difference in functionality but added security. If one uses sudo the chances of leaving a vulnerable system open if not eliminated minimized.
 
Old 10-29-2006, 03:06 PM   #23
mahlerfan
LQ Newbie
 
Registered: Oct 2006
Posts: 2

Rep: Reputation: 0
Quote:
Originally Posted by MBA Whore

How safe is "sudo?"
It's as safe as su.

Quote:
On the other hand, if you have a root password that only you know, then only you can have God status. A root password provides a security hurdle that only the administrator can over-ride.
Your post is wrong, so let me just explain.

(a) read the documentation first!

(b) you can set the sudo priviledges with the command visudo. And yes you have to be root to do this.

(c) the smartest way is way to do this is already in the file, just uncomment out. Users in the wheel group should be allowed to be sudoers and no one else. Why?

The wheel group is the group of users allowed to login as root. Now you're simply extending to them the ability to do a root like command without logging in. It's a shortcut for a permission they already have.

In the wrong hands both su and sudo can be dangerous. The person that doesn't set a root password, and gives all users access to sudo without a password for instance is asking for trouble. But is sudo more dangerous than su? I don't think so.

I can understand thinking this way-- if you've only used sudo in the context of ubuntu you don't realize what it really is, and even worse think it's only for ubuntu! lol

I actually love sudo and install it in any distro that I use.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
MEPIS and Ubuntu maprx MEPIS 5 06-12-2006 03:00 AM
Ubuntu to Mepis, why? binskipy2k5 MEPIS 79 10-14-2005 10:40 AM
Ubuntu reuse /home/directory coming from MEPIS/debian? lefty.crupps Ubuntu 3 10-11-2005 08:40 PM
Ubuntu or Mepis JediDB Linux - Distributions 9 07-26-2005 02:04 AM
Ubuntu or Mepis 3.3 spade Linux - Distributions 20 05-01-2005 05:57 PM


All times are GMT -5. The time now is 11:22 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration