Debian: This forum is for the discussion of Debian Linux.
Distribution: Primarily Deb/Ubuntu, and some CentOS
Posts: 829
Rep:
Quote:
Originally Posted by BW-userx
so he or she has no password and makes that mistake; do we blame it on the fact that it was because one gave that user no-password privileges?
Depends who the user is. You, maybe not. But what if someone got into your system and installed/ran executables with ill intentions? No problem, no need for sudo or root password!
Depends who the user is. You, maybe not. But what if someone got into your system and installed/ran executables with ill intentions? No problem, no need for sudo or root password!
that is a very different case scenario.
for one,
for two if someone knew I didn't need a password that is my fault for telling them that. that too is a security issue. that'd be like telling someone else my password.
even a newbie someone that has no idea of how to admin an Operating System of any kind and is given the ability to do so. even to do whatever to a sudoers file and screws it up. now whose fault is it?
I'd say the people that hired them. Not me no matter what i told them. It is a suggestion, not a command that I gave out.
you keep missing the part where I said
give that a TRY!
why do people tell you to try something no matter what your expertise is on whatever it is they tell you to try?
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Quote:
Originally Posted by BW-userx
go look at his side bar. here let me show it to you
for one,
two having a no password.
for one to say "There is every need for a password." if that were a true statement, Then the ones that developed this sudo file would have never put in the ability to have No Password.
This ability to use sudo without a password NULL and VOIDS that previous statement.
I think you really need to think about things more carefully. sudo is complex and the fact that there is an option for no password absolutely does not mean that the people responsible for it think that giving a user account unlimited access without a password is a good idea.
You can call it scapegoating to protect a user account if you want -- I call it part of the process of security. There are also the occasions I mentioned where an otherwise absolutely safe command accidentally run as root can cause issues further down the line and having to enter a password can prevent that happening.
Again, if you wish to use a system in that way that's fine. You know the risks and how to mitigate them and take responsibility for that. To recommend, without warning, that a new user do the same I call irresponsible. Let people make their own minds up but let them know the risks.
I would suggest making a backup before taking any mind-altering drugs.
is alcohol a mind-altering drug?
Quote:
Originally Posted by erik2282
BW is suggesting you be a cowboy.
i think that would actually be really cool.
problem is, in 9 out of 10 cases these cowboys come crying to mummy (i.e. desperate "Help me!" threads here on LQ) when they stubbed their toe...
He wants a shoehorn, the kind with teeth
people should get beat up for stating their beliefs
He wants a shoehorn, the kind with teeth
cause he knows there's no such thing
================
Quote:
Come on, BW (Senior Member) you should know better than suggesting something like that to a newb.
exactly.
the newb here being any potential forum reader, not (just) fixit7.
Quote:
Originally Posted by BW-userx
another point, if one does not allow someone the ability to screw up something then how will they learn anything?
childish.
teachers say "don't do it" not because they have the absolute power to make that decision for you, but because they want you to consider.
in other words, we have all been there ourselves (i know i have), but to encourage & sanction it is wrong.
double OT:
the psychology of linux forums, i love it!
Sorry guy, sudo export whatever is completely meaningless.
huh? in what respect?
I got it off the net, slapped it in my term hit enter for both of them then typed visudo and nano opened up my sudoers file instead of vi. So for you to tell me that it is meaningless makes no sense to me.
Unless you have no understanding of the commands sudo and export. Which I myself doubt that is the case.
ok, listen to this:
su and/or sudo will open a new shell. export may or may not work in the new process, but anyway after execution of the command (=sudo command) the process will be dropped together with its environment. Therefore variable settings inside are invisible in the parent (= current) shell/environment. You need to learn/understand this. Unless you have no understanding of the commands sudo and export. Which I myself doubt that is the case.
on the other hand export is a builtin command of bash (or whatever shell you use), and cannot be executed with sudo at all, because sudo will not be able to find that binary.
last but not least export works inside the current shell (only) and works perfectly without sudo and there is no reason to do that with sudo.
I think you really need to think about things more carefully. sudo is complex
O tay Mr. Over Thinker,
lets take a look at the scenario and not what is going on within it first.
dang let me go get a coffee first.
Yes sudo can be made to be very complex or simplistic via the sudoers file.
Quote:
Originally Posted by 273
and the fact that there is an option for no password absolutely does not mean that the people responsible for it think that giving a user account unlimited access without a password is a go[o]d idea.
Yet on the other hand, it does not mean that the people responsible for it giving a user an unlimited access without a password is a bad idea either.
it all depends on the situation, or scenario.
Quote:
Originally Posted by 273
You can call it scapegoating to protect a user account if you want -- I call it part of the process of security. There are also the occasions I mentioned where an otherwise absolutely safe command accidentally run as root can cause issues further down the line and having to enter a password can prevent that happening.
I do not see how having to enter a password would thwart anyone from issuing a bad command, it'd only slow them down some. Due to them now having to type one more thing into the command line before issuing the "bad" command.
They've already committed themselves to issuing said command. Having to now enter a password before they fully act on it. How does that prevent them from carrying out on this act of entering a command bad or good?
Their experience and understanding of what they are doing is the only thing that can stop that from happening and even sometimes that is not enough.
I even once ran across a video in youtube of the CEO of Red Hat that on one day issuing a command wiped out his entire system. And he is a CEO of Red Hat oops ....
therefore, it matters not if one has a password or not or has an actual root account and is in. mistakes happen it is a fact of life. having to first type a password before going further does not prevent that from taking place.
what is that rule of thumb for Linux again??
type once look twice to be sure what you wrote in there is correct because it is not windows and you are not going to get an "are you sure" message. it just runs it. password or not.
It only prevents others from using that persons user name to do whatever in their account to lay blame onto that user and not them.
Quote:
Originally Posted by 273
Again, if you wish to use a system in that way that's fine. You know the risks and how to mitigate them and take responsibility for that. To recommend, without warning, that a new user do the same I call irresponsible. Let people make their own minds up but let them know the risks.
I was doing this under what scenario?
a senior member of LQ for one. Which you keep side tracking and or others that have said bad boy shame on you to me over this.
running a distro of Debian just playing around with it in the context of wanting to learn something.
Nowhere in his post was there any indication that it is a server that others have access to. if it was then again someone that is running a server and is a human being needs to learn not only how to run Linux but to use his or her own brain as well.
If I tell someone to jump off a cliff without a bungee cord or parachute and do not warn them of the hazards and they do it anyways.
Is it really my fault?
NO!
he is his own person. He too has freewill and a brain like everyone else. He is not a five year old that does not have a good perception of depth.
Even if this person is only 14 years old to tell him or her to give this a try. What do they have to prevent them from doing so? Do they have to enter a password before they actually do or do not give it a try?
They have freewill and a brain to exercise their ability to reason and use logic.
I take no fault on what I did, here try this.
Code:
## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
one with basic windows knowledge even should know that he or she does not need a password to do whatever now. It is their system. They themselves have a level of responsibility regardless of what someone tells them to do or not.
me by telling that person to give sudo without a password a try is not malicious in anyway whatsoever, nor does doing that destroy anything on his system whatsoever. Nor did I take away his freewill and ability to reason and use logic.
I did not even tell him to hey try this
Code:
mv /home /dev/null
give that a try and see what happens.
Auto log in for instance go and warn everyone that wants to use that now.
Running sudo with password disabled and from an ordinary user's account is dangerous and plain stupid. I humbly suggest to anyone reading this to follow the advice given above, except those from BW-userx. Stick to well-proven security practices, not to bad habits. Mentioning "free will" to justify ill-advised setups is irresponsible and makes no sense.
Running sudo with password disabled and from an ordinary user's account is dangerous and plain stupid.
so now you're calling me stupid. Thank you for that insult.
Quote:
Originally Posted by Philip Lacroix
I humbly suggest to anyone reading this to follow the advice given above, except those from BW-userx. Stick to well-proven security practices, not to bad habits. Mentioning "free will" to justify ill-advised setups is irresponsible and makes no sense.
and you used your freewill to post this, your option, and others will use their freewill and reasoning and logic to decide to either follow your advice or not and some that do not like to use their brains will just follow you. Regardless if you are right or wrong. Still they have used their freewill to decide one way or the other.
Freewill always comes into play no matter how much you may deny it. Unless one is suffering from a psychopathological disorder where freewill becomes hindered.
you are trying by your words to stop others from actually using their own brains and replace them with yours. By telling them to do it your way, and this is why without any real proofs whatsoever, just a blank statement to present your case against me.
Quote:
password disabled and from an ordinary user's account is dangerous and plain stupid.
how does one having no password in an ordinary user's account dangerous?
having a password does not prevent a wrong command to be entered into the CLI.
Having a password does not prevent that user from making a typo in the CLI.
as I stated it depends on the scenario. if one is paranoid or there is a real threat of someone else using your account to do something so that person will have to take the blame. But then again that falls into the depends on the scenario area.
if one has a system that only he or she can access then no real need for a password.
if one has a system that it doesn't really matter what happens to it because it is just being used for a test bed to play around on then no real need for a password.
go and recall history of the one that wrote GNU. Back before he wrote GNU and passwords. they were nonexistent. He even rebelled against the password policies.
so now you're calling me stupid. Thank you for that insult.
If you wish you can report it, there is a report button at every post
Quote:
Originally Posted by BW-userx
as I stated it depends on the scenario.
What you really missed here: crackers, viruses, hackers and other similar "things" will not play your scenario, but will force you to play based on their own rules.
So you need to prepare to protect yourself against them, which actually may mean some inconvenience, like do not allow:
Quote:
Running sudo with password disabled and from an ordinary user's account
This is something like an open door, and means you allow anyone to come in, and do what they want
I have a 'basic' question here: 2 scenarios: assume the one where ip addr is 192.168.1.2 or 10...
Nothing 'outside' can connect into it (RFC1918), I'm thinking. Is that true? Then, no passwords needed.
if the local network was completely isolated - then no one can connect.
But if this network is connected to the internet (using a router or whatever) - so if there is a way to go out then there is a way to come in too.
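The rule quoted earlier in the thread, `%wheel ALL=(ALL) NOPASSWD: ALL`, is the kind of entry an administrator would want to be able to find on a system. The script below is an added example, not part of any poster's message: it lists every `NOPASSWD` rule in sudoers-format text. The function names, the HIGH/REVIEW labels and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list NOPASSWD rules in sudoers-format
# text. Simplified on purpose: joins continuation lines and skips comments,
# Defaults and alias definitions; it does not expand aliases or follow
# include directives, so run it over every file sudo reads.

audit_sudoers() {
    # Reads the named files (or stdin) and prints, per passwordless rule:
    #   SEVERITY<TAB>user-or-%group<TAB>command list
    # HIGH = the NOPASSWD command list contains ALL; REVIEW = anything else.
    awk '
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }   # join continued lines
    {
        line = buf $0; buf = ""
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next        # blank or comment
        if (line ~ /^Defaults/ || line ~ /^[A-Za-z]+_Alias[ \t]/) next
        i = index(line, "NOPASSWD:")
        if (i == 0) next                           # rule still asks for a password
        split(line, f, /[ \t]+/)                   # f[1] is the user or %group
        cmds = substr(line, i + 9)                 # text after "NOPASSWD:"
        gsub(/^[ \t]+|[ \t]+$/, "", cmds)
        gsub(/[ \t]*,[ \t]*/, ", ", cmds)
        sev = "REVIEW"
        n = split(cmds, c, /, /)
        for (k = 1; k <= n; k++) if (c[k] == "ALL") sev = "HIGH"
        printf "%s\t%s\t%s\n", sev, f[1], cmds
    }' "$@"
}

sample_sudoers() {
    # Constructed sample input, not taken from any real system.
    cat <<'EOF'
# constructed sample
Defaults env_reset
root    ALL=(ALL:ALL) ALL
## Same thing without a password
%wheel  ALL=(ALL) NOPASSWD: ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, \
        /usr/bin/tar
%sudo   ALL=(ALL:ALL) ALL
EOF
}

sample_sudoers | audit_sudoers
```

On a real host, run it as root over the files sudo reads, for example `audit_sudoers /etc/sudoers /etc/sudoers.d/*`.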