Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I used sudo command on the command line before typing a rm -r command and it ask for my password, which I entered and the instruction would be accepted. Then later I needed super user privaliges again I used sudo again before other commands.
But I seemd to still be in my normal account. While I got used to when I first type and return su I thought of to be in super user account. I could also check this because
the font letters would a from green to red of the shelt part. I then confirmed more or less I was in my normal user account I typed 'sudo su" and returned gave me super user privileges. I find strange that sudo doesnt need a password. And I don't know why it looked I was still in my normal account.
My question is how can I get the sudo command to ask for a password all the timeand how to not put me in my normal account when I use sudo. Please, can someone explain this?
Friendly greets
Last edited by pet@work:dondon; 07-26-2017 at 03:35 PM.
The problem with sudo is that it requires your(!) password. If you can, for example, issue sudo su, then you are(!) root!
This is why, on every computer that I have any successful control of, there is only one user in the wheel(which is the traditional qualification that lets you do this). If you need to "sudo anything-of-significance," you must first log in as that user. (Which you can do, by the way, with su username.)
In addition, the default time is 15 minutes. If you want to be asked for a password all the time you need to add the following to the /etc/sudoers file. To edit the sudoers file
sudo visudo
I used sudo command on the command line before typing a rm -r command and it ask for my password, which I entered and the instruction would be accepted. Then later I needed super user privaliges again I used sudo again before other commands.
But I seemd to still be in my normal account. While I got used to when I first type and return su I thought of to be in super user account. I could also check this because
the font letters would a from green to red of the shelt part. I then confirmed more or less I was in my normal user account I typed 'sudo su" and returned gave me super user privileges. I find strange that sudo doesnt need a password. And I don't know why it looked I was still in my normal account.
My question is how can I get the sudo command to ask for a password all the timeand how to not put me in my normal account when I use sudo. Please, can someone explain this?
Friendly greets
sudo runs a command with elevated privileges. It does NOT switch you to a root terminal, and you should not expect your prompt to change.
su switches you to a root terminal (or sudo su, if your root account doesn't have a usable password).
sudo by default only prompts you for a password every so often, if you run back-to-back sudo commands it should only prompt you on the first one. Pretty sure there's a timeout or similar parameter in /etc/sudoers that you could modify if you wanted to change that behavior.
Why not just log in as root and bypass any remaining inkling of security on the system...you're just asking for a rootkit or other malware.
lamo I was soooo waiting for something like this .. lmao...
because in user I do not get that problem, it is only when I need to use sudo I just bypass the passwd is all, when I use su or su - I still got a put a passwd in,, It is just me and my laptop . no one uses it but me, so I do not worry about that . plus no one knows my passwd or that I use the same for root and user but people on LQ now. oops..
they would not provide a sudo NOPASSWD if it wasn't secure . being in root at all times. I've done that too before, did it for a week straight. np
I too am not a paranoid personality not to say you are, I do not know you that well to determine that, only that I do not worry about security on this laptop other then my passwd to get in to it. which no one knows.
because in user I do not get that problem, it is only when I need to use sudo I just bypass the passwd is all, when I use su or su - I still got a put a passwd in
Doesn't matter. Requiring a password for su when you can sudo without one is 100% pointless, since "sudo -i" will get you a root terminal anyway.
Quote:
Originally Posted by BW-userx
It is just me and my laptop . no one uses it but me, so I do not worry about that . plus no one knows my passwd
Doesn't matter. Scripts run as your regular user all the time, from various sources. If any one of those can run sudo and then do anything it wants to as root, you may as well not even have a password.
Quote:
Originally Posted by BW-userx
they would not provide a sudo NOPASSWD if it wasn't secure .
That is a horrible, HORRIBLE way of approaching security. It is absolutely insecure, it's one of the worst things you can do on your machine. They added it because it's a feature and somebody, somewhere, might have some reason to need it. They did not do it because it's secure. You can also get rid of your root password, open up root SSH access, and forward port 22 in your router to your machine, so that anybody anywhere can log into your machine as root without a password. Nothing will stop you from doing that on your machine, but obviously it's a horribly insecure thing to do. Linux does not stop you from doing stupid things. Linux provides the functionality to do anything you might desire, and then hands you the keys. It's up to YOU to make smart decisions, it is not the software's job to protect you from yourself, that's Windows' attitude. Just because a piece of software lets you do something, that doesn't make it a good idea...
Quote:
Originally Posted by BW-userx
I too am not a paranoid personality not to say you are, I do not know you that well to determine that, only that I do not worry about security on this laptop other then my passwd to get in to it. which no one knows.
Doesn't matter if no one knows it, because as soon as you log in and start using the machine, running web browsers, downloading and building source code, etc., you're allowing hundreds/thousands of scripts to run under your UID. If one of them tries to sudo, it'll succeed, and then it can do anything it wants.
Last edited by suicidaleggroll; 07-26-2017 at 05:45 PM.
Doesn't matter. Requiring a password for su when you can sudo without one is 100% pointless, since "sudo -i" will get you a root terminal anyway.
Doesn't matter. Scripts run as your regular user all the time, from various sources. If any one of those can run sudo and then do anything it wants to as root, you may as well not even have a password.
That is a horrible, HORRIBLE way of approaching security. It is absolutely insecure, it's one of the worst things you can do on your machine. They added it because it's a feature and somebody, somewhere, might have some reason to need it. They did not do it because it's secure. You can also get rid of your root password, open up root SSH access, and forward port 22 in your router to your machine, so that anybody anywhere can log into your machine as root without a password. Nothing will stop you from doing that on your machine, but obviously it's a horribly insecure thing to do. Linux does not stop you from doing stupid things. Linux provides the functionality to do anything you might desire, and then hands you the keys. It's up to YOU to make smart decisions, it is not the software's job to protect you from yourself, that's Windows' attitude. Just because a piece of software lets you do something, that doesn't make it a good idea...
Doesn't matter if no one knows it, because as soon as you log in and start using the machine, running web browsers, downloading and building source code, etc., you're allowing hundreds/thousands of scripts to run under your UID. If one of them tries to sudo, it'll succeed, and then it can do anything it wants.
basically I do not care --- I never had an issues doing like this and as I said I am not going to turn into some paranoid person over it and allow them maybes to run my life.
Problem is if they do get in (which is likely by the sounds if it), they can use your machine to attack others.... that's why we care.
If you were not on the net, it wouldn't matter (to us).
so i am the bad guy? I a the enabler? Just because I do not want to type my password in every time I need to use sudo command? I do not think so. Locks only keep honest people out.
If you are determined to act as a bot device, have you considered even using an extremely short password?
It won't deter a proper attack, but it will prevent someone submitting a sudo command - just to see if there is absolutely no security.
I also suggest you start leaving the front door of your house open, at all times.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.