LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-26-2017, 03:32 PM   #1
pet@work:dondon
LQ Newbie
 
Registered: May 2009
Posts: 3

Rep: Reputation: 0
Q: about sudo


Hello reader,

I used sudo command on the command line before typing a rm -r command and it ask for my password, which I entered and the instruction would be accepted. Then later I needed super user privaliges again I used sudo again before other commands.
But I seemd to still be in my normal account. While I got used to when I first type and return su I thought of to be in super user account. I could also check this because
the font letters would a from green to red of the shelt part. I then confirmed more or less I was in my normal user account I typed 'sudo su" and returned gave me super user privileges. I find strange that sudo doesnt need a password. And I don't know why it looked I was still in my normal account.
My question is how can I get the sudo command to ask for a password all the timeand how to not put me in my normal account when I use sudo. Please, can someone explain this?

Friendly greets

Last edited by pet@work:dondon; 07-26-2017 at 03:35 PM.
 
Old 07-26-2017, 04:06 PM   #2
BW-userx
LQ Guru
 
Registered: Sep 2013
Location: Somewhere in my head.
Distribution: Slackware (current), FreeBSD, Win10, It varies
Posts: 9,952

Rep: Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148
sudo has a time limit in each term you're in and use sudo - passwd - after that time has expired you must passwd in again.

Code:
su  passwd - stays in your environment path
su -  then passwd puts you in root environment path.
try
Code:
su 
password
pwd
exit
#then
su -
password
pwd
exit
sudo is root privs
it's su do you think you are Mr. Big Shot?
I am g'root
(sung to the tune of, who do you think you are)

Last edited by BW-userx; 07-26-2017 at 04:18 PM.
 
1 members found this post helpful.
Old 07-26-2017, 04:12 PM   #3
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,284
Blog Entries: 4

Rep: Reputation: 3305Reputation: 3305Reputation: 3305Reputation: 3305Reputation: 3305Reputation: 3305Reputation: 3305Reputation: 3305Reputation: 3305Reputation: 3305Reputation: 3305
The problem with sudo is that it requires your(!) password. If you can, for example, issue sudo su, then you are(!) root!

This is why, on every computer that I have any successful control of, there is only one user in the wheel (which is the traditional qualification that lets you do this). If you need to "sudo anything-of-significance," you must first log in as that user. (Which you can do, by the way, with su username.)
 
1 members found this post helpful.
Old 07-26-2017, 04:23 PM   #4
BW-userx
LQ Guru
 
Registered: Sep 2013
Location: Somewhere in my head.
Distribution: Slackware (current), FreeBSD, Win10, It varies
Posts: 9,952

Rep: Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148
yeah I forget that part I use same passwd for both, and sudo with no passwd, makes my life easier

Last edited by BW-userx; 07-26-2017 at 04:24 PM.
 
1 members found this post helpful.
Old 07-26-2017, 04:28 PM   #5
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138
Quote:
Originally Posted by BW-userx View Post
yeah I forget that part I use same passwd for both, and sudo with no passwd, makes my life easier
Why not just log in as root and bypass any remaining inkling of security on the system...you're just asking for a rootkit or other malware.
 
1 members found this post helpful.
Old 07-26-2017, 04:30 PM   #6
pet@work:dondon
LQ Newbie
 
Registered: May 2009
Posts: 3

Original Poster
Rep: Reputation: 0
Thank you for explaining it.
 
Old 07-26-2017, 04:34 PM   #7
michaelk
Moderator
 
Registered: Aug 2002
Posts: 21,777

Rep: Reputation: 4247Reputation: 4247Reputation: 4247Reputation: 4247Reputation: 4247Reputation: 4247Reputation: 4247Reputation: 4247Reputation: 4247Reputation: 4247Reputation: 4247
In addition, the default time is 15 minutes. If you want to be asked for a password all the time you need to add the following to the /etc/sudoers file. To edit the sudoers file
sudo visudo

Code:
Defaults        env_reset,timestamp_timeout=0
 
2 members found this post helpful.
Old 07-26-2017, 04:36 PM   #8
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138
Quote:
Originally Posted by pet@work:dondon View Post
Hello reader,

I used sudo command on the command line before typing a rm -r command and it ask for my password, which I entered and the instruction would be accepted. Then later I needed super user privaliges again I used sudo again before other commands.
But I seemd to still be in my normal account. While I got used to when I first type and return su I thought of to be in super user account. I could also check this because
the font letters would a from green to red of the shelt part. I then confirmed more or less I was in my normal user account I typed 'sudo su" and returned gave me super user privileges. I find strange that sudo doesnt need a password. And I don't know why it looked I was still in my normal account.
My question is how can I get the sudo command to ask for a password all the timeand how to not put me in my normal account when I use sudo. Please, can someone explain this?

Friendly greets
sudo runs a command with elevated privileges. It does NOT switch you to a root terminal, and you should not expect your prompt to change.

su switches you to a root terminal (or sudo su, if your root account doesn't have a usable password).

sudo by default only prompts you for a password every so often, if you run back-to-back sudo commands it should only prompt you on the first one. Pretty sure there's a timeout or similar parameter in /etc/sudoers that you could modify if you wanted to change that behavior.

edit: beat to the punch
 
1 members found this post helpful.
Old 07-26-2017, 05:09 PM   #9
BW-userx
LQ Guru
 
Registered: Sep 2013
Location: Somewhere in my head.
Distribution: Slackware (current), FreeBSD, Win10, It varies
Posts: 9,952

Rep: Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148
Quote:
Originally Posted by suicidaleggroll View Post
Why not just log in as root and bypass any remaining inkling of security on the system...you're just asking for a rootkit or other malware.
lamo I was soooo waiting for something like this .. lmao...

because in user I do not get that problem, it is only when I need to use sudo I just bypass the passwd is all, when I use su or su - I still got a put a passwd in,, It is just me and my laptop . no one uses it but me, so I do not worry about that . plus no one knows my passwd or that I use the same for root and user but people on LQ now. oops..

they would not provide a sudo NOPASSWD if it wasn't secure . being in root at all times. I've done that too before, did it for a week straight. np

I too am not a paranoid personality not to say you are, I do not know you that well to determine that, only that I do not worry about security on this laptop other then my passwd to get in to it. which no one knows.

Last edited by BW-userx; 07-26-2017 at 05:12 PM.
 
1 members found this post helpful.
Old 07-26-2017, 05:43 PM   #10
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138Reputation: 2138
Quote:
Originally Posted by BW-userx View Post
because in user I do not get that problem, it is only when I need to use sudo I just bypass the passwd is all, when I use su or su - I still got a put a passwd in
Doesn't matter. Requiring a password for su when you can sudo without one is 100% pointless, since "sudo -i" will get you a root terminal anyway.

Quote:
Originally Posted by BW-userx View Post
It is just me and my laptop . no one uses it but me, so I do not worry about that . plus no one knows my passwd
Doesn't matter. Scripts run as your regular user all the time, from various sources. If any one of those can run sudo and then do anything it wants to as root, you may as well not even have a password.

Quote:
Originally Posted by BW-userx View Post
they would not provide a sudo NOPASSWD if it wasn't secure .
That is a horrible, HORRIBLE way of approaching security. It is absolutely insecure, it's one of the worst things you can do on your machine. They added it because it's a feature and somebody, somewhere, might have some reason to need it. They did not do it because it's secure. You can also get rid of your root password, open up root SSH access, and forward port 22 in your router to your machine, so that anybody anywhere can log into your machine as root without a password. Nothing will stop you from doing that on your machine, but obviously it's a horribly insecure thing to do. Linux does not stop you from doing stupid things. Linux provides the functionality to do anything you might desire, and then hands you the keys. It's up to YOU to make smart decisions, it is not the software's job to protect you from yourself, that's Windows' attitude. Just because a piece of software lets you do something, that doesn't make it a good idea...

Quote:
Originally Posted by BW-userx View Post
I too am not a paranoid personality not to say you are, I do not know you that well to determine that, only that I do not worry about security on this laptop other then my passwd to get in to it. which no one knows.
Doesn't matter if no one knows it, because as soon as you log in and start using the machine, running web browsers, downloading and building source code, etc., you're allowing hundreds/thousands of scripts to run under your UID. If one of them tries to sudo, it'll succeed, and then it can do anything it wants.

Last edited by suicidaleggroll; 07-26-2017 at 05:45 PM.
 
3 members found this post helpful.
Old 07-26-2017, 05:46 PM   #11
BW-userx
LQ Guru
 
Registered: Sep 2013
Location: Somewhere in my head.
Distribution: Slackware (current), FreeBSD, Win10, It varies
Posts: 9,952

Rep: Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148
Quote:
Originally Posted by suicidaleggroll View Post
Doesn't matter. Requiring a password for su when you can sudo without one is 100% pointless, since "sudo -i" will get you a root terminal anyway.


Doesn't matter. Scripts run as your regular user all the time, from various sources. If any one of those can run sudo and then do anything it wants to as root, you may as well not even have a password.


That is a horrible, HORRIBLE way of approaching security. It is absolutely insecure, it's one of the worst things you can do on your machine. They added it because it's a feature and somebody, somewhere, might have some reason to need it. They did not do it because it's secure. You can also get rid of your root password, open up root SSH access, and forward port 22 in your router to your machine, so that anybody anywhere can log into your machine as root without a password. Nothing will stop you from doing that on your machine, but obviously it's a horribly insecure thing to do. Linux does not stop you from doing stupid things. Linux provides the functionality to do anything you might desire, and then hands you the keys. It's up to YOU to make smart decisions, it is not the software's job to protect you from yourself, that's Windows' attitude. Just because a piece of software lets you do something, that doesn't make it a good idea...


Doesn't matter if no one knows it, because as soon as you log in and start using the machine, running web browsers, downloading and building source code, etc., you're allowing hundreds/thousands of scripts to run under your UID. If one of them tries to sudo, it'll succeed, and then it can do anything it wants.
basically I do not care --- I never had an issues doing like this and as I said I am not going to turn into some paranoid person over it and allow them maybes to run my life.
 
1 members found this post helpful.
Old 07-26-2017, 07:27 PM   #12
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 7.7 (?), Centos 8.1
Posts: 17,893

Rep: Reputation: 2613Reputation: 2613Reputation: 2613Reputation: 2613Reputation: 2613Reputation: 2613Reputation: 2613Reputation: 2613Reputation: 2613Reputation: 2613Reputation: 2613
Problem is if they do get in (which is likely by the sounds if it), they can use your machine to attack others.... that's why we care.
If you were not on the net, it wouldn't matter (to us).
 
2 members found this post helpful.
Old 07-27-2017, 01:13 AM   #13
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 5,699
Blog Entries: 16

Rep: Reputation: 3382Reputation: 3382Reputation: 3382Reputation: 3382Reputation: 3382Reputation: 3382Reputation: 3382Reputation: 3382Reputation: 3382Reputation: 3382Reputation: 3382
NOPASSWD is useful for the shutdown command. I wouldn't use it for anything else.
 
1 members found this post helpful.
Old 07-27-2017, 07:36 AM   #14
BW-userx
LQ Guru
 
Registered: Sep 2013
Location: Somewhere in my head.
Distribution: Slackware (current), FreeBSD, Win10, It varies
Posts: 9,952

Rep: Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148
so i am the bad guy? I a the enabler? Just because I do not want to type my password in every time I need to use sudo command? I do not think so. Locks only keep honest people out.
 
1 members found this post helpful.
Old 07-27-2017, 10:44 AM   #15
JeremyBoden
Senior Member
 
Registered: Nov 2011
Location: London, UK
Distribution: Debian
Posts: 1,901

Rep: Reputation: 479Reputation: 479Reputation: 479Reputation: 479Reputation: 479
If you are determined to act as a bot device, have you considered even using an extremely short password?
It won't deter a proper attack, but it will prevent someone submitting a sudo command - just to see if there is absolutely no security.

I also suggest you start leaving the front door of your house open, at all times.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] sudo rmmod psmouse + sudo modprobe mouse = stuck Chripcikas Linux - Newbie 2 07-23-2017 06:06 PM
sudo: effective uid is not 0, is sudo installed setuid root? awladnas Linux - Newbie 10 08-30-2014 06:03 PM
Question about the sudo command, specifically how to have sudo act as if user is root slacker_ Linux - Newbie 17 09-22-2013 03:48 PM
LXer: The Ultimate Sudo FAQ To Sudo Or Not To Sudo? LXer Syndicated Linux News 13 04-13-2013 01:36 AM
Unable to redirect all sudo messages to /var/log/sudo driftwood Linux - Server 2 10-18-2012 04:34 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:21 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration