Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Might be a dumb question but is making the root password different from sudo password a good idea? I read that sudo obfuscates the root's password, so Idk if changing the root pass would interfer with that, or reduce security.. Also how would I know which setuid programs query other setuid programs in order to complete it's operation, is it hinted or referenced somewhere in the man pages? And would the targetpw flag in visudo negate the need for querying passwd? Thank you in advance!!
Last edited by linux4evr5581; 10-01-2016 at 01:24 PM.
The sudo password is that of the user invoking the sudo command so it should not be the root password. In other words if user1 is issuing a command with sudo then user1 would use his/her password not root's. That is the purpose of sudo, so a normal user can execute a command as root without being root and no need to know the root password.
Thanks for the reply but why then on Ubuntu does the first user that's created with the installation use the default password (pass you setup during installation) for both sudo and root.. Of course I know that other users should not use the root password for their sudo, but for the admin is it ok? I guess it should be since it does this by default, but would changing either the sudo or root pass so that their not the same make it more secure?
Last edited by linux4evr5581; 10-01-2016 at 02:25 AM.
There's no such thing as a 'sudo password' (as far as I-newbie-too know)!
It is *the user's*, different for each user. (like a website verifying YOUR pwd [to edit profile])
From this (#7) it looks like Ubuntu doesn't ask for a root password!
Strange...other 'distro's do. Can someone explain (what's Ubuntu's *root* password?)
Oh: it's "locked", so *su* (not meaning sudo) &login as root won't work. Apparently, it's possible to: sudo passwd root (to give root a password you choose)
The general idea behind using "sudo" is that of least privilege. Accounts should have just enough access to get their jobs done, no more, no less. The way many distros apply "sudo" doesn't make that obvious because they just open the system wide open by default instead of providing a demo of the granularity available in "sudo"
I have no influence on the direction Ubuntu and Linux Mint take but if I were setting the defaults for /etc/sudoers, I would propose something like this for the initial default:
Code:
%sudo ALL=(root:root) /usr/sbin/visudo ""
However, to have mercy on beginners, it would also have to include something like the following or the graphical equivalent:
Code:
%sudo ALL=(root:root) /usr/bin/apt-get
Those two lines would make users in the group "sudo" able to install or remove packages as well as customize "sudo".
There's more, but "sudo" is surprisingly advanced. Michael W Lucas covers it in his presentation sudo : you're doing it wrong and in his fairly concise book, sudo Mastery. Those two resources can be skimmed quickly to find the parts interesting for you, then you can dig deeper in the manual page for sudoers
OK ok mybad I remember sudo is just a group and by default the first user would be in that group (but why if their already in the admin group?) and then you enter your own user password.. And I meant Mint I apologize, but you can login to Ubuntu as root with sudo -i..
Yes, that's an example of it being a bit too loose and not showing what it can do.
For that reason, it is a good idea for Ubuntu users to always make a second account and use that second account for daily activities, leaving the first account only for when administration is necessary. Same for Linux Mint and others that have the same defaults.
The general idea behind using "sudo" is that of least privilege. Accounts should have just enough access to get their jobs done, no more, no less. The way many distros apply "sudo" doesn't make that obvious because they just open the system wide open by default instead of providing a demo of the granularity available in "sudo"
I have no influence on the direction Ubuntu and Linux Mint take but if I were setting the defaults for /etc/sudoers, I would propose something like this for the initial default:
Code:
%sudo ALL=(root:root) /usr/sbin/visudo ""
However, to have mercy on beginners, it would also have to include something like the following or the graphical equivalent:
Code:
%sudo ALL=(root:root) /usr/bin/apt-get
Those two lines would make users in the group "sudo" able to install or remove packages as well as customize "sudo".
There's more, but "sudo" is surprisingly advanced. Michael W Lucas covers it in his presentation sudo : you're doing it wrong and in his fairly concise book, sudo Mastery. Those two resources can be skimmed quickly to find the parts interesting for you, then you can dig deeper in the manual page for sudoers
Code:
man sudoers
Thanks for the tips I might use that policy!
Last edited by linux4evr5581; 10-01-2016 at 01:28 PM.
Yes, that's an example of it being a bit too loose and not showing what it can do.
For that reason, it is a good idea for Ubuntu users to always make a second account and use that second account for daily activities, leaving the first account only for when administration is necessary. Same for Linux Mint and others that have the same defaults.
Good to know I was just missing/forgot a few fine points about sudo that you,lazydog, and jjanel mentioned (haven't messed with it in awhile) anyways thanks again
Last edited by linux4evr5581; 10-01-2016 at 02:15 PM.
Thanks for the reply but why then on Ubuntu does the first user that's created with the installation use the default password (pass you setup during installation) for both sudo and root.. Of course I know that other users should not use the root password for their sudo, but for the admin is it ok? I guess it should be since it does this by default, but would changing either the sudo or root pass so that their not the same make it more secure?
you do not get a root in ubuntututututu they think they know best for everyone .. so they deveate LINUX/GNU ~ UNIX Norms ...
I'm assuming that's why theres quite a few variations of it..
personaly I think they are trying to mimic Windows a close as possiable without being called a sell out to windows to get more people leaving Windows to use there version then the other ones that are actually more not windows. it is an evil conspiracy plot I TELL YA!!! from what I've lightly read windows is now trying to widdle its way into the linux world. be carefull they put netscape out of busness by thier pratices of trying to make the windows os a completely internet aware OS, you could actually use the fielmanager to get to in internet instead of their crapy web browser that always crashes and still does, that what I did, anyways, that made too many secritiy leaks so they had to pull back a little, but it was their long enough to put netscape out of bussness.
Interesting stuff indeed, but I think it would just make people more Linux/GNU aware, and would inspire trying out different distros as a result. But idk everyone seems so content with Mac and Windows regardless..
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.