LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Q: about sudo (https://www.linuxquestions.org/questions/linux-newbie-8/q-about-sudo-4175610677/)

pet@work:dondon 07-26-2017 03:32 PM

Q: about sudo
 
Hello reader,

I used sudo command on the command line before typing a rm -r command and it ask for my password, which I entered and the instruction would be accepted. Then later I needed super user privaliges again I used sudo again before other commands.
But I seemd to still be in my normal account. While I got used to when I first type and return su I thought of to be in super user account. I could also check this because
the font letters would a from green to red of the shelt part. I then confirmed more or less I was in my normal user account I typed 'sudo su" and returned gave me super user privileges. I find strange that sudo doesnt need a password. And I don't know why it looked I was still in my normal account.
My question is how can I get the sudo command to ask for a password all the timeand how to not put me in my normal account when I use sudo. Please, can someone explain this?

Friendly greets

BW-userx 07-26-2017 04:06 PM

sudo has a time limit in each term you're in and use sudo - passwd - after that time has expired you must passwd in again.

Code:

su  passwd - stays in your environment path
su -  then passwd puts you in root environment path.

try
Code:

su
password
pwd
exit
#then
su -
password
pwd
exit

sudo is root privs
it's su do you think you are Mr. Big Shot?
I am g'root ;)
(sung to the tune of, who do you think you are) :D

sundialsvcs 07-26-2017 04:12 PM

The problem with sudo is that it requires your(!) password. If you can, for example, issue sudo su, then you are(!) root!

This is why, on every computer that I have any successful control of, there is only one user in the wheel (which is the traditional qualification that lets you do this). If you need to "sudo anything-of-significance," you must first log in as that user. (Which you can do, by the way, with su username.)

BW-userx 07-26-2017 04:23 PM

yeah I forget that part I use same passwd for both, and sudo with no passwd, makes my life easier ;)

suicidaleggroll 07-26-2017 04:28 PM

Quote:

Originally Posted by BW-userx (Post 5740245)
yeah I forget that part I use same passwd for both, and sudo with no passwd, makes my life easier ;)

Why not just log in as root and bypass any remaining inkling of security on the system...you're just asking for a rootkit or other malware.

pet@work:dondon 07-26-2017 04:30 PM

Thank you for explaining it.

michaelk 07-26-2017 04:34 PM

In addition, the default time is 15 minutes. If you want to be asked for a password all the time you need to add the following to the /etc/sudoers file. To edit the sudoers file
sudo visudo

Code:

Defaults        env_reset,timestamp_timeout=0

suicidaleggroll 07-26-2017 04:36 PM

Quote:

Originally Posted by pet@work:dondon (Post 5740228)
Hello reader,

I used sudo command on the command line before typing a rm -r command and it ask for my password, which I entered and the instruction would be accepted. Then later I needed super user privaliges again I used sudo again before other commands.
But I seemd to still be in my normal account. While I got used to when I first type and return su I thought of to be in super user account. I could also check this because
the font letters would a from green to red of the shelt part. I then confirmed more or less I was in my normal user account I typed 'sudo su" and returned gave me super user privileges. I find strange that sudo doesnt need a password. And I don't know why it looked I was still in my normal account.
My question is how can I get the sudo command to ask for a password all the timeand how to not put me in my normal account when I use sudo. Please, can someone explain this?

Friendly greets

sudo runs a command with elevated privileges. It does NOT switch you to a root terminal, and you should not expect your prompt to change.

su switches you to a root terminal (or sudo su, if your root account doesn't have a usable password).

sudo by default only prompts you for a password every so often, if you run back-to-back sudo commands it should only prompt you on the first one. Pretty sure there's a timeout or similar parameter in /etc/sudoers that you could modify if you wanted to change that behavior.

edit: beat to the punch

BW-userx 07-26-2017 05:09 PM

Quote:

Originally Posted by suicidaleggroll (Post 5740249)
Why not just log in as root and bypass any remaining inkling of security on the system...you're just asking for a rootkit or other malware.

lamo I was soooo waiting for something like this .. lmao...

because in user I do not get that problem, it is only when I need to use sudo I just bypass the passwd is all, when I use su or su - I still got a put a passwd in,, It is just me and my laptop . no one uses it but me, so I do not worry about that . plus no one knows my passwd or that I use the same for root and user but people on LQ now. oops..

they would not provide a sudo NOPASSWD if it wasn't secure . being in root at all times. I've done that too before, did it for a week straight. np

I too am not a paranoid personality not to say you are, I do not know you that well to determine that, ;) only that I do not worry about security on this laptop other then my passwd to get in to it. which no one knows.

suicidaleggroll 07-26-2017 05:43 PM

Quote:

Originally Posted by BW-userx (Post 5740265)
because in user I do not get that problem, it is only when I need to use sudo I just bypass the passwd is all, when I use su or su - I still got a put a passwd in

Doesn't matter. Requiring a password for su when you can sudo without one is 100% pointless, since "sudo -i" will get you a root terminal anyway.

Quote:

Originally Posted by BW-userx (Post 5740265)
It is just me and my laptop . no one uses it but me, so I do not worry about that . plus no one knows my passwd

Doesn't matter. Scripts run as your regular user all the time, from various sources. If any one of those can run sudo and then do anything it wants to as root, you may as well not even have a password.

Quote:

Originally Posted by BW-userx (Post 5740265)
they would not provide a sudo NOPASSWD if it wasn't secure .

That is a horrible, HORRIBLE way of approaching security. It is absolutely insecure, it's one of the worst things you can do on your machine. They added it because it's a feature and somebody, somewhere, might have some reason to need it. They did not do it because it's secure. You can also get rid of your root password, open up root SSH access, and forward port 22 in your router to your machine, so that anybody anywhere can log into your machine as root without a password. Nothing will stop you from doing that on your machine, but obviously it's a horribly insecure thing to do. Linux does not stop you from doing stupid things. Linux provides the functionality to do anything you might desire, and then hands you the keys. It's up to YOU to make smart decisions, it is not the software's job to protect you from yourself, that's Windows' attitude. Just because a piece of software lets you do something, that doesn't make it a good idea...

Quote:

Originally Posted by BW-userx (Post 5740265)
I too am not a paranoid personality not to say you are, I do not know you that well to determine that, ;) only that I do not worry about security on this laptop other then my passwd to get in to it. which no one knows.

Doesn't matter if no one knows it, because as soon as you log in and start using the machine, running web browsers, downloading and building source code, etc., you're allowing hundreds/thousands of scripts to run under your UID. If one of them tries to sudo, it'll succeed, and then it can do anything it wants.

BW-userx 07-26-2017 05:46 PM

Quote:

Originally Posted by suicidaleggroll (Post 5740274)
Doesn't matter. Requiring a password for su when you can sudo without one is 100% pointless, since "sudo -i" will get you a root terminal anyway.


Doesn't matter. Scripts run as your regular user all the time, from various sources. If any one of those can run sudo and then do anything it wants to as root, you may as well not even have a password.


That is a horrible, HORRIBLE way of approaching security. It is absolutely insecure, it's one of the worst things you can do on your machine. They added it because it's a feature and somebody, somewhere, might have some reason to need it. They did not do it because it's secure. You can also get rid of your root password, open up root SSH access, and forward port 22 in your router to your machine, so that anybody anywhere can log into your machine as root without a password. Nothing will stop you from doing that on your machine, but obviously it's a horribly insecure thing to do. Linux does not stop you from doing stupid things. Linux provides the functionality to do anything you might desire, and then hands you the keys. It's up to YOU to make smart decisions, it is not the software's job to protect you from yourself, that's Windows' attitude. Just because a piece of software lets you do something, that doesn't make it a good idea...


Doesn't matter if no one knows it, because as soon as you log in and start using the machine, running web browsers, downloading and building source code, etc., you're allowing hundreds/thousands of scripts to run under your UID. If one of them tries to sudo, it'll succeed, and then it can do anything it wants.

basically I do not care --- I never had an issues doing like this and as I said I am not going to turn into some paranoid person over it and allow them maybes to run my life.

chrism01 07-26-2017 07:27 PM

Problem is if they do get in (which is likely by the sounds if it), they can use your machine to attack others.... that's why we care.
If you were not on the net, it wouldn't matter (to us).

hazel 07-27-2017 01:13 AM

NOPASSWD is useful for the shutdown command. I wouldn't use it for anything else.

BW-userx 07-27-2017 07:36 AM

so i am the bad guy? I a the enabler? Just because I do not want to type my password in every time I need to use sudo command? I do not think so. Locks only keep honest people out.

JeremyBoden 07-27-2017 10:44 AM

If you are determined to act as a bot device, have you considered even using an extremely short password?
It won't deter a proper attack, but it will prevent someone submitting a sudo command - just to see if there is absolutely no security.

I also suggest you start leaving the front door of your house open, at all times.


All times are GMT -5. The time now is 10:07 PM.