LinuxQuestions.org

Linux - Security: how come sudo doesn't make it so anybody can become root? (https://www.linuxquestions.org/questions/linux-security-4/how-come-sudo-doesnt-make-it-so-anybody-can-become-root-760679/)

smeezekitty 10-08-2009 09:28 PM

how come sudo doesn't make it so anybody can become root?
 
If you type sudo bash, even a regular user becomes root.
It's not a problem because I don't use the multiuser system,
but doesn't this defeat the privilege system?

FragInHell 10-08-2009 10:50 PM

Hi. Sudo isn't really about becoming root, since once a user uses sudo su - or sudo bash they can do whatever they like, and from a system auditing point of view it becomes hard to track down what that user does.
Sudo is designed to give normal users elevated permissions. Example: let's say we have a helpdesk. They need to be able to start and stop apache; under normal conditions they cannot, but we can grant them permission to run just the commands they need to do this task. That way apache is still run as root, but the commands are locked down to only those specified by the admin. Good news for the admin as well: now he doesn't get called every time, since the helpdesk can do it.
You can create groups of systems, users and commands to give better control.
There's more to it of course, but that's the basics.

David the H. 10-08-2009 11:33 PM

On most distributions regular users aren't given the flexibility to run whatever they want. sudo is only there so that the administrator can give them the ability to run specific commands under specific conditions, and only after being explicitly configured to allow it. You can't use sudo to run things like bash unless the administrator lets you.

However the developers of Ubuntu and its relatives have decided to use sudo in a different way. It's their belief that users switching to a root console and then leaving it open for protracted periods of time is a bigger overall security risk than simply giving them the ability to administer the entire system with sudo as needed. The fact that you can use it to switch into root isn't the issue for them; they just think it's better to not need to do it.

It's basically a risk trade-off, with different people having different views on what's most important security-wise.

smeezekitty 10-09-2009 12:01 AM

I am not concerned about security, and that's part of the reason I don't like Ubuntu.
I just thought sudo was a security hole.

anomie 10-09-2009 12:04 AM

I'm an Ubuntu novice, but IIRC after a 9.04 installation, only the account that I created at install time was a full sudoer. I added accounts post-installation, and they were not automatically made sudoers.

The implication to me is that they (Ubuntu team) expect that the initial account will be acting as admin as well.

Wim Sturkenboom 10-09-2009 12:14 AM

Quote:

Originally Posted by smeezekitty (Post 3713054)
I am not concerned about security, and that's part of the reason I don't like Ubuntu.
I just thought sudo was a security hole.

So you are the actual security hole

avijitp 10-09-2009 12:20 AM

You can always set sudo to behave the way you want it to. You need to configure it.

smeezekitty 10-09-2009 05:49 PM

Configurable? Neat.

David the H. 10-09-2009 10:12 PM

Configurable?

That's what we've been saying from the beginning. Sudo is simply a way for the root user to give other users permission to run certain commands with elevated permissions, so it certainly is configurable. Highly configurable. In Ubuntu they've simply configured it by default to give the first user complete access to the system (as well as simultaneously disabling the root password), but there's no reason you can't reconfigure it to include or exclude whatever commands and users you want, or even whether they need to use passwords or not.

It's all up to what you put in the /etc/sudoers file. Check out the man pages for sudo, sudoers, visudo, and the copious information on the net about it.
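An added illustration, not from any poster in this thread, of the kind of /etc/sudoers delegation FragInHell describes (helpdesk allowed to start and stop apache) and the per-user, per-command and password-or-not configurability David the H. refers to. Host names, user names and the script path are placeholders:

```sudoers
# Added example for illustration only; host, user and command names are
# placeholders, not taken from the thread.

# Aliases group hosts, users and commands so one rule covers a whole set.
Host_Alias  WEBSERVERS = web01, web02, 10.0.5.0/24
User_Alias  HELPDESK   = alice, bob, %helpdesk
Cmnd_Alias  APACHECTL  = /usr/sbin/apachectl start,    \
                         /usr/sbin/apachectl stop,     \
                         /usr/sbin/apachectl graceful, \
                         /usr/sbin/apachectl status

# Keep a dedicated log of every sudo invocation in addition to syslog, so
# the audit trail stays per command rather than vanishing into "sudo bash".
Defaults    logfile=/var/log/sudo.log

# The helpdesk case: exactly these apachectl invocations, as root, on the
# web servers only. Arguments are matched literally, so apachectl with any
# other arguments is refused even though the binary itself is listed.
HELPDESK    WEBSERVERS = (root) APACHECTL

# A single narrowly scoped, password-free rule for an automated job; the
# script path is fixed, so the account cannot run anything else as root.
backup      ALL = (root) NOPASSWD: /usr/local/sbin/run-backup

# The broad "first user" style rule the thread argues about: any command,
# as any user, on any host. Functionally a root account gated only by the
# user's own password.
firstuser   ALL = (ALL) ALL
```

Edit this with visudo, which refuses to save a file that does not parse; `visudo -c -f /path/to/file` checks a candidate file without editing it, and `sudo -l` shows the calling user what they are actually allowed to run.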

avijitp 10-10-2009 03:07 AM

Perhaps you should be using "visudo" to edit the sudo configuration. Check the man pages for a quick reference. There are plenty of good guides available on Google.

Hangdog42 10-10-2009 07:25 AM

Quote:

Originally Posted by anomie (Post 3713056)
I'm an Ubuntu novice, but IIRC after a 9.04 installation, only the account that I created at install time was a full sudoer. I added accounts post-installation, and they were not automatically made sudoers.

The implication to me is that they (Ubuntu team) expect that the initial account will be acting as admin as well.


I wish the *buntus would stop this and just use root and sudo the way they were intended. Sooner or later this sort of behavior is going to cause a huge security breach in the *buntus.

abefroman 10-13-2009 08:49 PM

You should be able to vi /etc/sudoers as well.

Wim Sturkenboom 10-13-2009 10:02 PM

@abefroman
You might already know this, but
Quote:

visudo edits the sudoers file in a safe fashion, analogous to vipw(8). visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the sudoers file is currently being edited you will receive a message to try again later.
From man visudo

abefroman 10-13-2009 10:05 PM

Quote:

Originally Posted by Wim Sturkenboom (Post 3718339)
@abefroman
You might already know this, but

From man visudo

Thanks, and yes, I knew about visudo, never use it though.

avijitp 10-14-2009 07:42 AM

visudo often helps to eliminate some common mistakes that users make while creating sudo rules. It is always advisable to use it. The most adorable feature that I liked about visudo is that it will always tell you about a wrong rule when you want to save and come out of the vi editor.

jayjwa 10-16-2009 03:01 AM

Quote:

Originally Posted by Hangdog42 (Post 3714485)
I wish the *buntus would stop this and just use root and sudo the way they were intended. Sooner or later this sort of behavior is going to cause a huge security breach in the *buntus.

Agreed. We now have an entire generation of Linux users who want to stick sudo in front of everything they need to do as root, which is not what sudo was meant for. It's meant to delegate specific tasks to specific users using specific parameters, not as an "are you really sure you want to do that as root? If so, prefix with 'sudo' so I know"-type safety switch. I say we start a proper sudo usage campaign: it can be called "su-don't".

r3sistance 10-16-2009 02:59 PM

Quote:

Originally Posted by Wim Sturkenboom (Post 3713065)
So you are the actual security hole

Bit harsh I guess =P, unfortunately true. I have never really liked the way the *Buntus work to be honest tho, it's a complete abuse of sudo and it doesn't really encourage security like it's supposed to; in fact it possibly just makes the situation worse in some cases.

If you wanna make a safe distribution, how about one that warns a user every time they use an unencrypted protocol (IE FTP, VNC) across the internet that other people may be able to view their username and password.

Also Ubuntu doesn't encourage things like locking down /tmp in ways that reduce the number of rootkit vulnerabilities you have...

I am curious with Ubuntu, what happens if you need to run a manual FSCK and it requires the maintenance password... is that the initial user password? Or does this lead to a whole different level of headaches. Or worse yet, does it let just anybody into the maintenance terminal =P?

But as it goes, user apathy to server security/protection is my number 1 reason why servers get hacked (any OS). While direct logins as root and browsing the internet as root are on the list of insanely crazy things to do, most OSs disable or warn about GUI root logins and SSHD is easily configurable to disable direct root logins... but leaving the benefit of "SU" and/or console root logins can be, in my opinion, beneficial and just easier...

Hangdog42 10-17-2009 07:49 AM

Quote:

If you wanna make a safe distributions, how about one that warns a user every time they use an unencrypted protocol (IE FTP, VNC) across the internet that other people maybe able to view their username and password.
I wish it were that easy. As Microsoft has THOROUGHLY proven, bugging the user about insecure behavior is futile at best. Unfortunately there is no OS level solution to user ignorance and apathy. What is equally disturbing is the number of users who feel they need to be root ALL THE TIME. I don't know about anyone else, but once I've got all my software installed, I can go weeks without needing to be root. The bottom line is we need smarter users, and that isn't gonna happen anytime soon.

Quote:

I am curious with Ubuntu, what happens if you need to run a manual FSCK and it requires the maintenance password... is that the initial user password? Or does this lead to a whole different level of headaches. Or worse yet, does it let just anybody into the maintenance terminal =P?
My understanding is that the *buntus give root privileges to the first user that is created via sudo. So technically they aren't root, but effectively they are just by using sudo in front of the command. In your example, running sudo fsck and supplying the initial user's password should do the trick. Later users aren't awarded this privilege by default, but on a single user machine, the damage is done. I'm just waiting for malware to appear that simply uses sudo to escalate on *buntu installs.

Quote:

SSHD is easily configurable to disable direct root logins.
Now if distros would just ship with root disabled in SSHD. I bet there are tons of users that don't even know SSHD is running, let alone that you can log in using root. I suppose this is one area where the *buntu approach actually has a benefit. Since there isn't a root account you can log into (unless you activate it), it doesn't matter if sshd allows root login.

pixellany 10-17-2009 08:06 AM

This thread is perhaps past its prime, but my buttons have been pushed....;)

I had a chat with a Ubuntu rep at the last SCALE. He was arguing that their no-root-user weirdness was actually a plus for security. I don't remember what the rationale was, but I was not impressed. Since then, I have read about people being disciplined on the Ubuntu fora for divulging the "secret" to enabling the root account. Bad dog, Ubuntu---BAD Dog!!

As for "sudo bash" creating a security hole, consider some other security holes:
  • You can typically reboot into a machine in single-user mode and get root powers with no password.
  • If that doesn't work, you can boot from a liveCD and disable the password in the installed system.
  • CD booting disabled and the BIOS password-protected? Open the case, and reset the CMOS.

If you want real security, you have to control who has physical and network access to the hardware.

unSpawn 10-17-2009 08:40 AM

Quote:

Originally Posted by pixellany (Post 3722695)
Since then, I have read about people being disciplined on the Ubuntu fora for divulging the "secret" to enabling the root account.

You're probably referring to http://ubuntuforums.org/showthread.php?t=716201. I think users should respect how a distribution envisions it to be used. Especially if they're new to GNU/Linux it could be beneficial. More experienced users or users not wanting to do that could easily switch to another distribution with different rules of play, better suitable release schedules, social contract or not, herd-like behaving usergroups, SPOF maintainers or whatever else unique selling points they favour.

However in no way should the uninformed actions of an OP who clearly does all the right stuff for all the wrong reasons be left unchallenged.

pixellany 10-17-2009 08:51 AM

I can see your logic, but let's try a loose analogy:
Suppose I check in to the ArchLinux forum and post something on how to disable pacman and set up Arch with Synaptic.....Or maybe how to get rid of rc.conf and replace it with something more "normal". Will I get disciplined or ejected from the forum? I think not.

Carrying it further: Suppose I posted instructions on how to set up Arch to be like Ubuntu? They are still not going to punish me. LAUGH AT ME--perhaps.

I'm obviously in the camp that NO-ONE should be practicing thought control.

AND--look at Mint: They don't bother just **telling** you how to have a root account---they put it in the installer as an option.

pixellany 10-17-2009 08:58 AM

Another slightly more obscure analogy:

Circa 1970, I pull the 2-speed Powerglide out of my Chevy Impala, and replace it with a 3-speed hydramatic. Off to the dealer to get the right speedometer gears.

Tell dealer person what I have done. Answer: "You can't do that."

Showing him the actual car in which I had successfully driven to his establishment did not seem to make an impression.....


Moral: The world is full of people who are quite willing to decide how you **should** do something, but there is only ONE person who **should** be making the decision. I want Ubuntu to advise me, not to dictate.

r3sistance 10-17-2009 10:31 AM

To be honest, what put me off of Ubuntu was its inability to actually work on any system I put it on. It's probably more compatible by now, but when I placed it on my state of the art white boxes I just used to get so many graphical glitches and compatibility issues it wasn't worth it. Now I just use CentOS since I am used to dealing with it so much, as it's the main OS used in the data center that I work in. Also I rarely get graphical problems with CentOS...

But as for Ubuntu's security, naturally as I never got on with it, it wasn't til I came across servers that used it that I found out just how annoying the whole distribution actually is when you ignore the putrid orange interfaces... The whole not allowing logins as root is something I just by-pass in 10 seconds if I do have to use it for some reason. I am, after all, in my line of work, used to having to by-pass people securing themselves so well they secure themselves out of their own servers.

smeezekitty 10-17-2009 12:13 PM

This is why I dislike Ubuntu.


Quote:

Originally Posted by pixellany (Post 3722695)
  • You can typically reboot into a machine in single-user mode and get root powers with no password.
  • If that doesn't work, you can boot from a liveCD and disable the password in the installed system.
  • CD booting disabled and the BIOS password-protected? Open the case, and reset the CMOS.

You cannot do any of this over a network, so it's of no concern to me and a lot of other users.

jschiwal 10-17-2009 12:23 PM

The main advantage of sudo is to allow certain users and administrators to run root commands without needing to distribute the root password. You can temporarily give someone permission to run sudo and then remove this privilege later.

Also look at using PolicyKit for the types of things that regular users may commonly need to do. For example, there may be a setting to allow a user to install updates. This would allow a user to click OK in the updater applet without then needing to enter the root password. Or perhaps allow the user to change the pulse audio setting to high priority.

It can be difficult to totally eliminate holes in using sudo. Such as using rvim; forbidding "sudo su -"; using a different mail server without an escape character, etc. It may be combined with kernel auditing to audit all root commands. IMO, this is more likely the case for servers where an inflexible policy is more useful.

The only difficulty I would have with Ubuntu is that using redirection is more difficult. The > and < operators manipulate files with the privileges of the "sudo" command, not the command you are running.
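An added shell example, not from jschiwal's post or from any project, showing why `sudo command > file` does not write the file as root and the two usual ways around it. SUDO_CMD is a hypothetical override introduced here so the helpers can be exercised without privileges; leave it unset to use sudo for real:

```shell
#!/bin/sh
# Added illustration, not from the thread. The point being demonstrated:
#     sudo echo "text" > /etc/some.conf
# fails with "Permission denied" because the '>' redirection is opened by
# the caller's unprivileged shell before sudo ever runs; only "echo" is root.
#
# SUDO_CMD is a hypothetical knob: unset -> "sudo"; set to "" -> run the
# command directly (used by the self-test below, which has no privileges).

# Append a line to a root-owned file. The text crosses the pipe and the
# privileged process (tee) is the one that opens the destination file.
root_append() {
    printf '%s\n' "$2" | ${SUDO_CMD-sudo} tee -a "$1" >/dev/null
}

# Run a whole pipeline or redirection as root by handing the string to a
# root shell. The string is parsed by that shell, so pass only fixed,
# trusted command text and never splice user input into it.
root_shell() {
    ${SUDO_CMD-sudo} sh -c "$1"
}

# The naive form, kept only for comparison: the redirection target is
# opened with the caller's privileges, so it fails on a root-owned file.
naive_redirect() {
    ${SUDO_CMD-sudo} echo "$2" > "$1"
}
```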

r3sistance 10-18-2009 06:19 AM

Quote:

Originally Posted by unSpawn (Post 3722714)
I think users should respect how a distribution envisions it to be used. Especially if they're new to GNU/Linux it could be beneficial.

Something suddenly occurred to me on this statement: if you say that users should respect how the developers envisioned them to use Ubuntu, could the same also not be said that Ubuntu should respect how the developers of Sudo envisioned it to be used, as Ubuntu uses it as a near enough full swap out for root, which Sudo was never meant to do? SU was already there for that purpose.

unSpawn 10-18-2009 10:35 AM

Quote:

Originally Posted by pixellany (Post 3722722)
I can see your logic, but let's try a loose analogy:
Suppose I check in to the ArchLinux forum and post something on how to disable pacman and set up Arch with Synaptic.....Or maybe how to get rid of rc.conf and replace it with something more "normal". Will I get disciplined or ejected from the forum? I think not.

Carrying it further: Suppose I posted instructions on how to set up Arch to be like Ubuntu? They are still not going to punish me. LAUGH AT ME--perhaps.

I'm obviously in the camp that NO-ONE should be practicing thought control.

And I'm of the opinion that all people require thought control. Except some people require more thought control than others ;-p Seriously, from your reply I get the idea you're more opposed to how this distribution advertises usage than anything else. And as far as I know you don't even use .*buntu, right?


Quote:

Originally Posted by r3sistance (Post 3723656)
Something suddenly occurred to me on this statement: if you say that users should respect how the developers envisioned them to use Ubuntu, could the same also not be said that Ubuntu should respect how the developers of Sudo envisioned it to be used,

I think that would hold true if Sudo came with explicit usage instructions. AFAIK it does not. (I do get what you mean though.)


Quote:

Originally Posted by r3sistance (Post 3723656)
as Ubuntu uses it as a near enough full swap out for root, what Sudo was never meant to do

I think jschiwal's post #25 explains that.

smeezekitty 10-18-2009 12:43 PM

Ubuntu's horrible prompts remind me of Windows Vista's UAC,
which I disabled the first day.
I feel restricted in Ubuntu, so I do not use it,
and I feel I have to warn other people about it.

Quakeboy02 10-18-2009 02:09 PM

This is an interesting thread. I very rarely login to root; preferring to do almost all maintenance activity with sudo. For me this works because I don't really do that much maintenance activity, and "command not found" or "must be root" (whatever the actual messages are) are enough to remind me to use sudo. This is good, because I don't accidentally do the infamous "rm -rf /". :)

Does it make my system less secure having "myuserid ALL=(ALL) ALL"? Probably. But, I don't have any open ports, so the risk is small on a home-user desktop. I can see that in a larger installation, or on a web-open install, I might want to set aside different sudo users for different maintenance activities; even if there was only just me. I'm not convinced that logging in to root is the right option, though.

smeezekitty 10-18-2009 02:22 PM

Quote:

Originally Posted by Quakeboy02 (Post 3724014)
This is an interesting thread. I very rarely login to root; preferring to do almost all maintenance activity with sudo. For me this works because I don't really do that much maintenance activity, and "command not found" or "must be root" (whatever the actual messages are) are enough to remind me to use sudo. This is good, because I don't accidentally do the infamous "rm -rf /". :)

Does it make my system less secure having "myuserid ALL=(ALL) ALL"? Probably. But, I don't have any open ports, so the risk is small on a home-user desktop. I can see that in a larger installation, or on a web-open install, I might want to set aside different sudo users for different maintenance activities; even if there was only just me. I'm not convinced that logging in to root is the right option, though.

Like 5 mins ago I was browsing the internet as root LOL

r3sistance 10-18-2009 02:33 PM

> Quakeboy02

Should be safe since that line should still require a password, however are you certain you don't have any open ports and are not running a service like SSH? Some distributions ship with SSH live and open.

Also I once saw a guy do "sudo rm -rf /*" at work... just having to put sudo in front doesn't stop you doing it if you're used to typing sudo when doing similar commands. Personally I have never even got anywhere close to executing that command however.

Quote:

Originally Posted by smeezekitty (Post 3723949)
Ubuntu's horrible prompts remind me of Windows Vista's UAC,
which I disabled the first day.

As has already been said, you are a security hole ya know. UAC was introduced so that people would not browse the internet as administrator, and the prompts only come up when things are asking to be installed. However UAC is only a half-arsed attempt at security because it's still by-passable by viruses (IE Conficker) and we don't know actually how secure that prompt really is... could it be hi-jacked?

It's actually safer to have a separate administrator account and user account (the traditional Windows method and similarly the method I use on my Mac), however there are applications that actually take advantage of this EXTREMELY bad method of administrating a PC... it's really rather shameless how professional software development companies require administrator rights for their applications for them to be run at all, and this is when they are already installed.

Quote:

Originally Posted by unSpawn (Post 3723837)
I think that would hold true if Sudo came with explicit usage instructions. AFAIK it does not. (I do get what you mean though.)

I think jschiwal's post #25 explains that.

That wasn't the point I was making. The point I was making is that you're saying we should respect the way the developers want it done is not true if they are using things from other developers and not respecting the way developers intended those tools to be used.

However even so, as Jschiwal's post also says, it's a bad thing. I am yet to see what protection this is all supposed to offer anyway. I mean most if not all up-to-date distributions warn you heavily about logging in as root on the GUI or stop you altogether on the and I can't see what on the CLI would be any more open to being logged in as root over using sudo.

All I really see coming out of it is teaching people how to abuse SUDO and not really consider using sudo for things like only giving people the privileges on the individual commands or scripts that they need.

smeezekitty 10-18-2009 02:49 PM

One good piece of advice would be:
look at the command before you execute it,
and if you see you have executed something bad (like sudo rm -r /), first try Control+C;
if that fails, cut the power.

Quakeboy02 10-18-2009 02:49 PM

Quote:

Originally Posted by r3sistance (Post 3724032)
> Quakeboy02

Should be safe since that line should still require a password, however are you certain you don't have any open ports and are not running a service like SSH? Some distributions ship with SSH live and open.

Sorry, I mis-spoke. I meant that my firewall doesn't have any open ports. Yes, there are several ports open on my machine for use on my local network.

Mostly I was just pointing out that logging in as root is akin to carrying a loaded gun with the safety off. Sudo is like that safety, but if you always use sudo, you get the habit of turning the safety off at any excuse. That's not good, either. In my case, I do very little maintenance work, so I'm not a victim of habit. The few admin things (mostly updates) that need to be done in the GUI force gksu to come up, so I'm protected on that front.

You poor buggers that deliberately expose ports to the internet: good luck! :)

r3sistance 10-18-2009 03:28 PM

A lot of computers aren't even running a firewall or behind a hardware one... I know where I work it's a part of our policy to enable the OS supplied firewalls by default with necessary ports open, but would you believe some of our customers, rather than put up with the luxury of opening/closing ports on the firewall, would rather just turn the damned thing off... I kid you not. I always advise the customers against such actions of course.

Sudo is as much a safety latch as SU or login as root: you don't login as root unless you're doing things that need to be run as root. In reality it doesn't stop you killing a system if you run the wrong command... The only thing that stops that is not doing non-root activities as root in the first place. You shouldn't need to be root or have root to remove directories if user settings are set correctly, as most of the file system shouldn't really be touched that often; mostly what you should be touching is in /home and should already be under your control to remove.

Quote:

Originally Posted by smeezekitty (Post 3724050)
One good piece of advice would be:
look at the command before you execute it,
and if you see you have executed something bad (like sudo rm -r /), first try Control+C;
if that fails, cut the power.

Actually I'd advise Control + Alt + Delete if Control + C fails. Powering off the machine while you KNOW the hard drive is being written to is going to mess things up as well.

unSpawn 10-18-2009 04:48 PM

Quote:

Originally Posted by r3sistance (Post 3724032)
the point I was making is that you're saying we should respect the way the developers want it done is not true if they are using things from other developers and not respecting the way developers intended those tools to be used.

I do not see how the .*buntu people disrespect the Sudo developers work. Correct me if I'm wrong but wrt sudo there's only common sense and best practices, no rules or regulations I know of the Sudo developers impose on usage.


Quote:

Originally Posted by r3sistance (Post 3724032)
However even so as Jschiwal's post also says, it's a bad thing.

No I meant him explaining about the need for sharing the root password or not.


Quote:

Originally Posted by r3sistance (Post 3724032)
All I really see coming out of it is teaching people how to abuse SUDO and not really consider using sudo for things like only giving people the privileges on the individual commands or scripts that they need.

That's something I can kind of agree on. If a distribution does not explain why a user should not log in as root but at the same time advertises to just stick "sudo" in front of every command, sane or not, then it's actually as bad as logging in as root. However a distribution is not the only party to blame. I'm thinking users who don't care an ounce for Linux architecture and concepts, reading the documentation or lack common sense and just want "something done right now" regardless of the implications. And equally bad are answers that say "just stick sudo in front of it" without considering the implications.

