LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 06-14-2015, 02:47 PM   #1
cynicalpsycho
Member
 
Registered: Mar 2009
Location: America
Distribution: Debian/Arch
Posts: 134

Rep: Reputation: 16
Permissions/Best Practice


What is the best practice for setting up accounts with administrative permissions?

Should I have a user (other than root) set up for administration that I SU to from my regular account when needed?

Should I allow my regular account to have sudo access?

What is the recommended method for a desktop system that needs to be secure?
 
Old 06-14-2015, 02:55 PM   #2
ButterflyMelissa
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,766
Blog Entries: 23

Rep: Reputation: 411
Hi
Easy (for me) there is ONE user (root) that can do anything, you can SU to that from any user. I (then again, that's me) do NEVER use SUDO...it's an other/extra level of "stuff"...
Quote:
Should I have a user (other than root) set up for administration that I SU to from my regular account when needed?
Not required, the regular can do that too...
Quote:
Should I allow my regular account to have sudo access?
If you have multiple users on one desktop, then SUDO can be handy, as it excludes anyone not in the sudoers file...if it's your exclusive baby...nah...
Quote:
What is the recommended method for a desktop system that needs to be secure?
Simple:
- common sense.
- don't let anyone not authorised near the box
- if you have to allow guests on the system, set up a different PC altogether...
- use sensible passwording, the name of your goldfish will not do
- change passwords regularly if the box is in a space that is frequented by untrusted persons (beyond the first-line family that is)
- trust...Linux...just...trust it.
Thor

Last edited by ButterflyMelissa; 06-14-2015 at 02:57 PM.
 
Old 06-14-2015, 08:14 PM   #3
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,642
Blog Entries: 4

Rep: Reputation: 3933
Whereas, for me, there is o-n-e "administrative" account which is capable of obtaining root access by means of sudo su. And I never log on to it, except and unless I am actively performing system maintenance.

And I never log-on directly as root.

For "application-level" maintenance, I have another designated account. This account is not privileged, but it does wind up being "the owner of" all of the application-specific libraries, resource directories, executables and so forth. This (one) account has access to "the directory in which 'local applications' are stored."

And then, there are my various "work, or project-specific," accounts. Every project has one, and it has all of the files, all of the profile-settings, all of the unique environment "that this project needs." None of these are in any way privileged. Each one is isolated from all the rest.

When I "put on my Accounting hat," that user is entirely walled-off from the others. When I am dealing with subcontractors or acting in my capacity as a corporate officer, I have individual accounts for each of those roles. And they are all sealed-off.

And finally, there's the account I'm using right now: the "okay, the work-day is over" account. The one that I use for goofing-off on the Internet, or for creating music (my main hobby), and so on. Entirely non-privileged. Even though "I own the place," so to speak, the computer treats me as just another goon.

This arrangement incorporates both the principle of "separation of concerns" and "the principle of least privilege."

My assumption is: "the computer has no idea, really, how or when to say 'Yes.' But it is really good at saying 'No!'"

Therefore, in each and every thing, "give the ('1' or '0') digital(!) computer a strictly 'bright-line' rule." No thought required. No shades of grey. "The answer is "(not only No but Hell...) NO ... "0" ... except, specifically ..."

Each time you find a way to make the selection-criteria narrower, do it. "Manage by exception."

Last edited by sundialsvcs; 06-14-2015 at 08:23 PM.
 
3 members found this post helpful.
Old 06-15-2015, 12:16 AM   #4
veerain
Senior Member
 
Registered: Mar 2005
Location: Earth bound to Helios
Distribution: Custom
Posts: 2,524

Rep: Reputation: 319
@sundialsvcs: Nice post. To be followed!
 
Old 06-15-2015, 12:37 AM   #5
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,623

Rep: Reputation: 2651
Quote:
What is the best practice for setting up accounts with administrative permissions?
is this a HOME or WORK machine ?
there is a very BIG difference !

is it ONLY you ?
or you and your SO ( with or without kids) ?

the situation and use DICTATE this so .....

but NEVER set up TWO "roots" , bad idea VERY BAD

if more than just you need administrative authority set up "sudo"

Quote:
Should I have a user (other than root) set up for administration that I SU to from my regular account when needed?
"su" and "su -" use THE ROOT PASSWORD!!!!
"sudo" is the one that lets a NORMAL user do some things with "root" authority


Quote:
Should I allow my regular account to have sudo access?
do some RESEARCH !!!

sudo is a MAJOR security hole and oops just waiting to happen

fedora ,rhel,centOS do NOT use "sudo" by default for this reason

you the user need to set it up and turn it on

OpenSUSE and Debian allow you to set this at time of install
to use "su -" or to use "sudo"

on a single user box ( just me ) i RECOMMEND NOT!!! using "sudo"
( unless you DO want to get some experience using it )

sudo DOES have its uses

Quote:
What is the recommended method for a desktop system that needs to be secure?
i like SElinux ,but that is my choice

basically follow any of the " good practices"


side note
Quote:
And I never log-on directly as root.
? yes and NO

MOSTLY NO!!!
almost always NO
( do not log into the GUI as root )

but there are some real reasons to do so -- NOT MANY !!
and some Operating systems WILL ACTIVELY PREVENT YOU FROM DOING SO !!!

others , they WILL let you shoot yourself in the head with a 44 magnum
" do you feel lucky ? "
so TAKE CARE !!!

Last edited by John VV; 06-15-2015 at 12:39 AM.
 
Old 06-15-2015, 03:47 AM   #6
ButterflyMelissa
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,766
Blog Entries: 23

Rep: Reputation: 411
@ OP - never log on as root. There are sane reasons root does not even have a GUI ... she has no need for it...
For all their good points, there are distros that do log in as root, full fledged and system wide...but, these distros are not really meant for daily casual use anyway...
As JohnVV stated, SUDO is a timebomb, mainly because it eases root access while accessing root status should be a hard process so the one trying to get there is aware what is at stake here...
Personally, I don't use SUDO. Had to install it once, I did so dragging my feet...
Consider a modern car. It can be tuned using a laptop (seen it done on mine) - but...who does that? The technician, not you and me (the "users")...
SUDO basically gives you that very laptop, the cable...and the responsibility without a safety net...
Using Root is like wall climbing...use a harness...a helmet...and common sense but don't live on that wall...

Last edited by ButterflyMelissa; 06-15-2015 at 03:52 AM.
 
Old 06-15-2015, 07:25 AM   #7
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,642
Blog Entries: 4

Rep: Reputation: 3933
Your system might well be far less secure than you think. For instance, if you are a member of the wheel group, or if on OS/X you are an "Administrative User," try this command:

sudo su

If, upon entering your(!) password, you are rewarded with a # prompt, then ... you are root. Therefore, "root's password is (just) ... your(!) password."

If, say, "you like to use the same password over and over again," and you, say, sign-in to LQ using that password, then all I need to do is to "sniff" what you're sending. Maybe then I have the ability to surreptitiously gain root-access to your machine and run amok with it.
  • A rogue is "you."
  • "What is 'convenient' for you ... is also convenient for a rogue."
  • "What 'you' can do, so can the rogue, if it can only guess how."
Therefore, keep your Superman Suit locked in the closet!
 
2 members found this post helpful.
Old 06-15-2015, 12:36 PM   #8
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,623

Rep: Reputation: 2651
to "sudo" or NOT to "sudo" that is the question ....


it has its uses and is GREAT for some things
but not so good for other things

and using it ALSO really depends on your OS

Ubuntu no longer uses a root account so "sudo" is forced on the user

OpenSUSE13.? and Debian8 you the user can decide at time of install

RHEL and fedora - after install you can decide
 
Old 06-15-2015, 05:25 PM   #9
ButterflyMelissa
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,766
Blog Entries: 23

Rep: Reputation: 411
Quote:
and using it ALSO really depends on your OS
Manjaro and FreeBSD...they demand a root account besides the regular account...or the install is out the window...LOL
 
Old 06-24-2015, 07:56 PM   #10
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2142
Quote:
Originally Posted by John VV
to "sudo" or NOT to "sudo" that is the question ....
sudo is a very powerful and very useful tool when it's used correctly.

Ubuntu and Friends' hare-brained security implementation is to separate users into "Admin" and "not Admin" roles, and to give the "Admin" users unlimited sudo access to anything under the sun. This is NOT using sudo correctly, and is a horrible security flaw in my opinion.

The PROPER security model, in my opinion, is to have:

1) A real root account, not locked out like Ubuntu, but a real, accessible account, with a VERY strong password that is about as un-crackable as you can get. Impossible to remember, likely created by a random number/character generator. This will be written down somewhere, then locked up so only a very select few have access (fireproof safe, or along those lines). It will also be changed regularly - after all, since it's randomly generated and illegible/impossible to remember and is locked up in a safe, what's the harm in changing it every few months?

2) root SSH access shut off, obviously

3) System admin(s) have sudo access. Their sudo access should be limited, however, to those commands that need to be run on a semi-regular basis, and don't impact system security. What these commands are depends on the application...maybe some specific service start/stop commands, read/write access to some select config files, etc.

The goal is to make the root account so impossibly inaccessible that it will never be accessed by unauthorized users, while at the same time allowing the system admins to do their daily jobs without having to access the safe to grab the root password all the time. The less they have to access it, the less "inclined" they'll be to make a local copy or memorize it, either of which would blow the security model.

Last edited by suicidaleggroll; 06-24-2015 at 08:00 PM.
 
1 members found this post helpful.
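
The model in post #10 (sudo limited to specific commands, root SSH login off) and the blanket-grant risk described in post #7 can be checked mechanically. The script below is an added example, not part of any poster's message; the sample sudoers and sshd_config text, the WEB_SVC alias and both function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Both sample texts are constructed, not taken from a real host.
sample_sudoers='
Defaults env_reset
# Blanket grant: your own password is effectively the root password
%admin   ALL=(ALL:ALL) ALL
bob      ALL=(ALL) NOPASSWD: ALL
# Limited grant: named service commands only
Cmnd_Alias WEB_SVC = /usr/bin/systemctl restart nginx, /usr/bin/systemctl reload nginx
alice    ALL=(root) WEB_SVC
'
sample_sshd='
Port 22
PermitRootLogin no
'

# Print the user or %group of every rule whose command list is exactly ALL.
# Heuristic for simple one-line rules; "sudo -l -U <user>" is authoritative.
unrestricted_grants() {
  printf '%s\n' "$1" | awk '
    /^[ \t]*(#|$)/ { next }                          # comments and blanks
    $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }      # not user specs
    {
      cmds = $0
      sub(/^[^=]*=[ \t]*/, "", cmds)                 # drop "who host ="
      sub(/^\([^)]*\)[ \t]*/, "", cmds)              # drop "(runas)"
      gsub(/[A-Z]+:[ \t]*/, "", cmds)                # drop tags like NOPASSWD:
      gsub(/[ \t]/, "", cmds)
      if (cmds == "ALL") print $1
    }'
}

# Succeed only when sshd_config explicitly says "PermitRootLogin no".
# sshd uses the first value it sees for a keyword; Match blocks are ignored here.
root_ssh_disabled() {
  val=$(printf '%s\n' "$1" |
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }')
  [ "$val" = "no" ]
}

echo "unrestricted sudo grants: $(unrestricted_grants "$sample_sudoers" | tr '\n' ' ')"
if root_ssh_disabled "$sample_sshd"; then echo "root SSH login: disabled"; fi
```

On a real system, pass the contents of the sudoers files and sshd_config to the two functions in place of the samples, and run `visudo -c` after any change to sudoers.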
Old 06-27-2015, 11:04 PM   #11
ron7000
Member
 
Registered: Nov 2007
Location: CT
Posts: 248

Rep: Reputation: 26
What is the best practice for setting up accounts with administrative permissions?

set up the least number of accounts with any kind of administrative privilege. the more accounts with privilege the greater the risk. and also what kind of privilege going to those accounts matter along with the persons you give them to- you need to verify those admin persons are trustworthy and competent.

Should I have a user (other than root) set up for administration that I SU to from my regular account when needed?
sounds like the concept of least privilege. i think it was already said, the more privilege you give to an account the greater the risk. it depends on the type of system and location and use. if it's in a setting where there is legal implication then you would want to set it up properly, but for many systems you get into the paranoia realm and exceed the point of no value added you're only adding overhead and complexity.

Should I allow my regular account to have sudo access?
that's for you to decide, sundial's reply in post #3 described things pretty well. but again i think it depends on the type of system and what it's used for. if it's a simple home system with you and the kids or roommates where you only worry about them nuking the system by playing around under the control panel then i don't think you need to go crazy. but if it's for work, has legal implications if there's a problem and you need to have data protected and audited then you want to control who can gain elevated privileges regardless of the means.

What is the recommended method for a desktop system that needs to be secure?
not work related then I would say just a strong root password, and at most restrict what accounts can su to root. all user accounts would be the typical restricted user accounts and those are always what you use to log in, or remotely log in with if allowed. for remote log in over network again depending on location and what the system is for you may not want to allow any type of root or elevated privilege so you would not want them to be able to use sudo, and only accounts for people that are trusted with physical access and have console login to the system can then gain any type of elevated privilege.
 
  

