sudo is junk in ubuntu. thinking about adding a root user.
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Why should I have to guess your password? A hacker would be using a dictionary attack.
But since you don't want me to make assumptions, please eliminate the need for them. Explain EXACTLY what circumstances for a hacking attempt you're talking about, where Ubuntu's sudo is supposedly more secure.
Oh--I didn't bother noting it before, but a 5 letter password is simply not sufficiently secure for anything where a brute force attack is possible (regardless of whether it would be guessable via dictionary attack).
In any case, a normal root account with a 10 letter password is more secure than a user account with a 5 letter userid and 5 letter password.
Oh--but there are those ASSUMPTIONS again...so please. Explain precisely what sort of situation you're imagining where Ubuntu's sudo default is more secure than a root account.
At any rate, as far as I'm concerned the proof is in the pudding. The majority of servers on the 'net have normal root accounts, proving every day by example that they can be sufficiently secured.
Distribution: Gentoo Hardened using OpenRC not Systemd
Posts: 1,495
Original Poster
Rep:
Quote:
Originally Posted by Xena
Technically, yes, practically, no.
If I try every combination of aaaaa to zzzzz as passwords, for example, for the user "root" I need to try 11 million times.
If there's no "root" account enabled, then I must try every combination of usernames aaaaa to zzzzz with password aaaaa to zzzzz, which is 11 million times 11 million times, which is rather a lot and probably beyond the patience of all but the most determined.
So, I'd count this as a very good "non-feature"
I have logged into a XUBUNTU box (which is the same thing as Ubuntu except the windows manager is XFCE, not Gnome) as root with ssh. Most Ubuntu boxes allow logging in as root because that's the way Ubuntu comes by default. If not the user is intelligent enough to disable root logins, then someone will have to try 11 million times 11 million or just simply know a user name.
I've noticed the same thing on SuSE linux when I tried to add a line to the hosts file. It holds true for redirections from the command line and not just the echo command, but not if you sudo to run a script that contains redirections to a read only directory it works. I'm not certain if there is a reason for it this. But it isn't Ubuntu that is doing it.
Why sudo doesn't allow redirection in interactive shells I don't know. Does this mean that a line like
sudo echo "1" > /proc/net/ipv4/ip_forward
won't work?
Actually, sudo has no say on how redirection is handled. Redirection is a shell function. The shell, presumably bash, is running as the normal user. So what happens is:
1. bash interprets the arguments, splitting it up into:
a) sudo -- the command to be executed
b) echo -- the first argument to be passed to the command
c) 1 -- the second argument to be passed to the command (note that bash strips the quotes)
d) /proc/net/ipv4/ip_forward -- the name of the file to redirect output to
2. bash attempts to open up "/proc/net/ipv4/ip_forward" with write access. It fails here, but assuming it could have succeeded, then it would continue...
3. bash executes the command "sudo", passing the arguments "echo" and "1". Any output from this command is processed by bash and is written to "/proc/net/ipv4/ip_forward".
4. When the command "sudo" completes, bash closes the output file and produces a command prompt for user input.
When you put this command in a script, it's still bash doing all this work. The difference is that the instance of bash running the script is a new instance of bash being run by the root user.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.