Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Check the config for sudo in /etc/sudoers (use the visudo command, not a normal text editor), it may be that someone has configured sudo to behave that way (which is a very bad idea).
I have Xubuntu until I close the xterminal that I used sudo in, will retain the password untill closed. I don't know how long it remains that way as I usually close the xterminal as soon as I'm done running sudo commands. If I open a second xterminal and the first terminal is still open after running sudo on the first terminal, the second xterminal will ask for the password initially also.
Last edited by colorpurple21859; 04-21-2015 at 08:23 PM.
I don't use Ubuntu often but my experience with a terminal is the same as described by colorpurple 2159. Open a terminal and enter any command requiring sudo and a password is needed. Using the same terminal for another command requiring sudo whether to open a text editor, file manager, web browser or any other action does not ask for a password. Close the terminal, open a new one and the first sudo option will again demand a password.
Actually, sudo su is a gaping security-hole(!!) on a great many systems, including nearly all of the Macintoshes that you see being used at any-and-every coffee shop.
(So much for Macs being "immune to exploits" ...)
Most-unfortunately, I typically find that this command works on most Linux and Unix systems that I encounter. If I am able to use sudo at all, I find that I can usually issue sudo su, and thereby gain full root privileges using nothing more than my own(!!) password ... even if (as usually is the case with OS/X) "the actual root user is disabled."
"Heh..." ( ... ) "reckon it don' matter much whether-or-not I actually amroot, if I find that I can do everything he does, using nothing-more than my password!"
Yep. Apple, of all companies on this planet, should know better. But apparently they don't. (And, equally apparently, the vast majority of "Linux distro" authors don't seem to, either.) Guess this must qualify as a "dirty little secret."
Last edited by sundialsvcs; 04-22-2015 at 07:36 PM.
The big issue here is that "root" is dangerous. For security many modern distros lock out the root account during install and the first user account that is created is an Admin account. User account with sudo access. The big problem hear is that many users, myself included use weak/no passwords for there user(Admin) account. Since "root" was locked out for security purposes sudo is configured to ask for the user's password. This allows users to run commands that require root access using sudo(Switch User and DO command) or run su(Switch User) This is actually less secure due to most users having weak/no password for their user account. Then there is the "Lazy" feature that allows sudo to remember your authentication and allows you to run sudo without requiring a password for a configurable amount of time. This feature only works for the current login session Each terminal window you open will be a new session and thus require your password the first time you run sudo or su. One of the reasons I don't like ubuntu or any modern distro that locks out root for security. on my Fedora 21 install I have a strong password for "root" and weak password for my account. none of my users have access to sudo and any attempt to run sudo will fail with a warning that you are not a member of sudo and thus will be reported to root. If I run su as a user then I am asked for the roots password not my weak password.
Root is not dangerous. Root is a fundamental and useful basic design concept in Unix-like operating systems.
Lack of knowledge about basic concepts, including root, coupled with a willingness to blindly try things anyway is dangerous - in any sphere!
Willingness of some distro developers to reinforce, rather than fix this lack of knowledge, disabling root accounts and misusing and abusing sudo in an effort to create some new and ill-defined category of user called "Admin" only makes matters worse.
Root is a design constraint, learn why and how it works.
Sudo is a useful and safe tool when used properly, learn how to use it properly.
Root is not dangerous. Root is a fundamental and useful basic design concept in Unix-like operating systems.
Lack of knowledge about basic concepts, including root, coupled with a willingness to blindly try things anyway is dangerous - in any sphere!
Willingness of some distro developers to reinforce, rather than fix this lack of knowledge, disabling root accounts and misusing and abusing sudo in an effort to create some new and ill-defined category of user called "Admin" only makes matters worse.
Root is a design constraint, learn why and how it works.
Sudo is a useful and safe tool when used properly, learn how to use it properly.
The title of this whole thread is misleading. Sudo, su , and the root account are NOT dangerous. What is dangerous is the way these are being used to make system administration more convenient and less secure. This is no loop hole, just poorly done administration of Linux systems to simplify Linux for people who do not care to learn how to actually use Linux properly.
For anyone still confused: you don't actually need sudo. Learn a bit about system security.
For anyone still confused: you don't actually need sudo.
That statement may or may not be true, depending on the environment. While on single user desktop systems one certainly does not have a need for sudo other than convenience, this might not be true in environments where different users need to have access to different administrative tasks without having full root access.
That statement may or may not be true, depending on the environment. While on single user desktop systems one certainly does not have a need for sudo other than convenience, this might not be true in environments where different users need to have access to different administrative tasks without having full root access.
True. I was assuming based on the context of previous replies that we are talking about single user desktop or laptop systems. I have in the passed configured a server to use sudo to allow a limited set of commands to a administrative database user, a user to manage Apache, or a user that strictly handles software updates / installation.
In general though for laptops or desktops sudo isn't imperative to operation. Most definitely sudo SHOULD NOT be set up to allow root access without a password. The one exception to passwordless sudo root access is on a Live image like a live cd or live usb disk. The only reason a live image should allow this is if the file system is mounted read only, and most of these types of images are booted read-only. This prevents permanent system compromises since writing to disk is impossible.
Distribution: Void, Linux From Scratch, Slackware64
Posts: 3,150
Rep:
Quote:
Originally Posted by colorpurple21859
I have Xubuntu until I close the xterminal that I used sudo in, will retain the password untill closed. I don't know how long it remains that way as I usually close the xterminal as soon as I'm done running sudo commands. If I open a second xterminal and the first terminal is still open after running sudo on the first terminal, the second xterminal will ask for the password initially also.
This is correct behaviour as opening a new terminal starts a new shell with a new sudo timeout, there is little or no interaction between the two terminal sessions under normal circumstances, for instance set a variable in the first terminal and then open a second and the variable will not be defined, depending on how you open the second terminal.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.