LinuxQuestions.org
Old 08-24-2015, 03:45 PM   #16
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2142

Quote:
Originally Posted by Shadow_7 View Post
You can have more than one user. And you don't have to have easy passwords on any of them.
Root's password should always be as hard or harder to crack than any user password. If it's not, then the person who set it up did it wrong.

Quote:
Originally Posted by Shadow_7 View Post
The root password is sometimes easier to guess than users passwords.
Then the person who set it up did it wrong.

Quote:
Originally Posted by Shadow_7 View Post
Since it's likely the same across multiple machines.
1) Then they're doing it wrong
2) And a user's password isn't?

Quote:
Originally Posted by Shadow_7 View Post
Plus comes with a default password in many distros
Since when? I have never seen that, and I would be extremely shocked if that was the case with any mainstream distro.

Quote:
Originally Posted by Shadow_7 View Post
And you already know that the username is root.
And since remote access is disabled for root by default on most distros (and should be immediately disabled by the admin on the rest of them), that doesn't really matter.

Quote:
Originally Posted by astrogeek View Post
NOT if it is PROPERLY configured and used, as opposed to being wounded and left to bleed as is done by some distros.
Agreed, sudo can be a very useful tool when it's configured correctly. Ubuntu's approach is a joke.
 
Old 08-24-2015, 04:09 PM   #17
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,286
Blog Entries: 24

Rep: Reputation: 4238
Quote:
Originally Posted by suicidaleggroll View Post
sudo can be a very useful tool when it's configured correctly. Ubuntu's approach is a joke.
Agreed, and a somewhat cruel joke in that it ultimately cripples new users' ability to understand related concepts.

Hammer and nail analogies usually apply here, so let's contrive a new one...

Faced with confusion and awkward use of hammers by some users, the Ubuntu Kit Home Company decided to include pneumatic nailers with its kits instead. Unfortunately, they failed to properly document the new tool and its uses, so the most common complaint now goes something like this...

Quote:
" Dragging that hose around the jobsite was hazardous, so we have now removed it from our nailers.
It is not very clear what it was there for in the first place and removal does not seem to otherwise affect
operation of the nailer.

It is also much more difficult to hit the head of some nails with this tool and it does not seem to hold
up to frequent use as well as might be expected, the plastic parts being easily shattered within the
first few hits."
 
1 members found this post helpful.
Old 08-24-2015, 04:10 PM   #18
hortageno
Member
 
Registered: Aug 2015
Distribution: Ubuntu 22.04 LTS
Posts: 240

Rep: Reputation: 67
Quote:
Originally Posted by suicidaleggroll View Post
You're right, which is why Ubuntu's security policy is so ridiculous. It simply disables the real root account, and forces the first created user to become "root" instead. So now instead of having a real root account with a strong password that you can't log into graphically and can't ssh into (most distros disable root ssh access by default), you have an account that for all intents and purposes is root, yet it uses a traditionally weak user password AND it has full ssh functionality AND you log into it graphically every day.
I don't know where you got this from, but the last time I checked the first created user is in the "sudo" group. This is different from being root. And by default Ubuntu doesn't have openssh-server installed.
 
Old 08-24-2015, 04:24 PM   #19
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2142
Quote:
Originally Posted by hortageno View Post
I don't know where you got this from, but the last time I checked the first created user is in the "sudo" group. This is different from being root.
Sure, it puts them in the sudo group, and if you look at /etc/sudoers you have this little gem:
Code:
# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL
The end result is that the first configured user (and anybody else placed in the sudo group) is granted full, unrestricted sudo access. This essentially turns that user account into root, because it's now allowed to do anything, without limits or restrictions, just like root can.

Quote:
Originally Posted by hortageno View Post
And by default Ubuntu doesn't have openssh-server installed.
Most distros don't...the point was that once the ssh server is enabled, you now have essentially opened up root ssh access. Similarly once X is installed, you now have essentially opened up root GUI logins. Both of which are security problems, but Ubuntu forces you into it.

Last edited by suicidaleggroll; 08-24-2015 at 04:34 PM.
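
A quick way to find grants like the one quoted in the post above, as an added example that is not part of the original thread: a shell function that reads sudoers text and reports every entry whose command list is a bare ALL. The sample input is constructed; alice, build-pkg.sh and the %wheel line are assumptions for illustration, and the check only handles single-line entries.

```shell
#!/bin/sh
# Added example (not from the thread): flag blanket sudoers grants.
# Constructed sample input, not taken from a real host.
SAMPLE_SUDOERS='# constructed sample
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) NOPASSWD: ALL
alice   ALL=(build) /usr/local/bin/build-pkg.sh'

# Reads sudoers text on stdin and prints "who: finding" for each
# non-root entry that may run any command.
audit_sudoers() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # comments and blank lines
        $1 ~ /^(Defaults|[A-Za-z]+_Alias)/ { next }  # settings and alias definitions
        $1 == "root" { next }                        # root is expected to be unrestricted
        {
            who = $1
            spec = $0
            sub(/^[^=]*=[ \t]*/, "", spec)           # drop "who host ="
            sub(/^\([^)]*\)[ \t]*/, "", spec)        # drop "(runas)"
            nopass = (spec ~ /NOPASSWD:/)
            gsub(/[A-Z_]+:[ \t]*/, "", spec)         # drop tags such as NOPASSWD:
            if (spec ~ /^ALL[ \t]*$/)
                print who ": " (nopass ? "unrestricted, no password" : "unrestricted")
        }'
}

printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers
```

The alice entry is not reported because it names one command and one target user; the two group entries are.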
 
Old 08-24-2015, 04:34 PM   #20
hortageno
Member
 
Registered: Aug 2015
Distribution: Ubuntu 22.04 LTS
Posts: 240

Rep: Reputation: 67
Quote:
Originally Posted by suicidaleggroll View Post
Sure, it puts them in the sudo group, and if you look at /etc/sudoers you have this little gem:
Code:
%sudo   ALL=(ALL:ALL) ALL
The end result is that the first configured user (and anybody else placed in the sudo group) is granted full, unrestricted sudo access. This essentially turns that user account into root, because it's now allowed to do anything, without limits or restrictions, just like root.
...after typing in his password. This tiny detail makes the difference. He is NOT root. And if his password is weak, then THAT is the problem, not the fact that he is in sudoers.
 
Old 08-24-2015, 04:45 PM   #21
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,286
Blog Entries: 24

Rep: Reputation: 4238
Quote:
Originally Posted by hortageno View Post
...after typing in his password. This tiny detail makes the difference. He is NOT root. And if his password is weak, then THAT is the problem, not the fact that he is in sudoers.
Sigh...

We should call it the Ubuntu-sudo syndrome - a powerful mental block to all further understanding.

Last edited by astrogeek; 08-24-2015 at 05:07 PM.
 
Old 08-24-2015, 04:54 PM   #22
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2142
Quote:
Originally Posted by hortageno View Post
...after typing in his password. This tiny detail makes the difference. He is NOT root. And if his password is weak, then THAT is the problem, not the fact that he is in sudoers.
It IS a problem...security is all about barriers. Only open up what needs to be opened up and leave the rest closed off. If one barrier gets compromised, you have another right behind it that will limit the fallout. If you don't need ssh access, don't run ssh. If you do need ssh access, shut off root ssh access so script kiddies can't break in no matter how many passwords they guess. Even if they're able to break into a user account, the worst thing they can do is wipe out that account, they STILL need to break ANOTHER password in order to do any real damage. And no matter what you do, don't log in to the GUI as root, as it opens up the entire system to vulnerabilities.

Disabling the root account and giving a regular user account unlimited sudo access removes a huge barrier. It sacrifices security for convenience, and it's just one step away from Windows' laughable "are you sure you want to do that" security prompts.

Yes if the user uses an incredibly secure password that isn't re-used anywhere else, on any other machines or any online accounts, Ubuntu's approach is nearly as secure (but still not as secure) as the traditional root approach, but that's not realistic. Under realistic conditions, Ubuntu's approach is significantly less secure, and for what? What is the advantage? So the user can be lazy?
 
1 members found this post helpful.
Old 08-24-2015, 05:25 PM   #23
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,793

Rep: Reputation: 2086
Quote:
Originally Posted by suicidaleggroll View Post
Even if they're able to break into a user account, the worst thing they can do is wipe out that account, they STILL need to break ANOTHER password in order to do any real damage.
Obligatory XKCD.
 
Old 08-24-2015, 05:34 PM   #24
replica9000
Senior Member
 
Registered: Jul 2006
Distribution: Debian Unstable
Posts: 1,149
Blog Entries: 2

Rep: Reputation: 261
Quote:
Originally Posted by ntubski View Post
This is why I use dm-crypt, and lock my screen if I walk away for more than a minute. I could also just be paranoid.
 
Old 08-24-2015, 05:34 PM   #25
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2142
Quote:
Originally Posted by ntubski View Post
hah - that's a good one

Laptops are a bit of a different beast. It's not that sudo/root access doesn't matter on them, but there are other things that matter far more. Encrypted filesystems (or at least an encrypted container where you can put your sensitive documents), screen locking, etc. are much more important.
 
Old 08-24-2015, 05:46 PM   #26
GazL
LQ Veteran
 
Registered: May 2008
Posts: 6,962

Rep: Reputation: 5090
One trick I use regularly is to have scripts that reinvoke themselves via sudo if they're running as the wrong user for doing whatever it is they're meant to do.
e.g.
Code:
#!/bin/bash
#######################################################################

if [ "$( id -un )" != 'build' ]; then
   exec sudo -u build "$(readlink -e "$0")" "$@"
fi

#######################################################################

### Do stuff here....
Obviously you still need to set up the sudoers rules to allow it, but you don't need to remember about prefixing them with sudo or specifying the correct user when you need to run them.

Last edited by GazL; 08-24-2015 at 05:50 PM.
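
The sudoers rule that the post above says is still needed, as an added example that is not GazL's own code: a shell function that prints a rule limited to one script and one target user, and refuses when the invoking user could rewrite that script. The user name alice and the script path in the usage comment are hypothetical; build is the target user from the post.

```shell
#!/bin/sh
# Added example (not from the thread): emit a narrowly scoped sudoers rule
# for a script that re-invokes itself with "sudo -u build".
# Usage: sudoers_rule_for alice build /usr/local/bin/build-pkg.sh
#        (alice and the path are hypothetical), then add the line with visudo.

sudoers_rule_for() {
    r_invoker=$1 r_runas=$2 r_script=$3

    # sudo matches the full path, so use the canonical path that the
    # script's own readlink call resolves to before it execs sudo.
    r_path=$(readlink -f -- "$r_script") || return 1
    [ -f "$r_path" ] || { echo "not a regular file: $r_script" >&2; return 1; }

    # If the invoker owns the script, they can edit it and run anything
    # as the target user, which makes the narrow rule meaningless.
    r_owner=$(ls -ld -- "$r_path" | awk '{ print $3 }')
    if [ "$r_owner" = "$r_invoker" ]; then
        echo "refusing: $r_path is owned by $r_invoker" >&2
        return 1
    fi

    # Same problem if anyone outside the owner can write to the file.
    if [ -n "$(find "$r_path" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "refusing: $r_path is group- or world-writable" >&2
        return 1
    fi

    # One user, one target user, one command; a password is still required.
    printf '%s ALL=(%s) %s\n' "$r_invoker" "$r_runas" "$r_path"
}

# Run directly with three arguments to print the rule.
if [ "$#" -eq 3 ]; then
    sudoers_rule_for "$@"
fi
```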
 
Old 08-24-2015, 06:01 PM   #27
Lsatenstein
Member
 
Registered: Jul 2005
Location: Montreal Canada
Distribution: Fedora 31and Tumbleweed) Gnome versions
Posts: 311
Blog Entries: 1

Rep: Reputation: 59
Quote:
Originally Posted by JaseP View Post
It is a security problem to have an "active" root account (specifically, one that can be logged onto graphically or remotely). It's a bad idea. I had issues with it too, when first transitioning from Mandrake (yes, Mandrake, before Mandriva, or any of the multitude of financial issues that distro faced)... But, I got used to it...
It is often useful to log into the system in GUI mode with root privileges. Particularly if there is to be some drag and drop activities and some selective deletes of files.

Most definitely, we do not use the web during this GUI session.

Sometimes though I need to do copy/paste and selective deletes of files. I have two choices.

sudo nautilus (which gives me root privileges with nautilus) along with terminal mode to do sudo su -i,
or

When the number of files is large, and the redistribution and ownership changes are required, root with GUI is best to use.
 
Old 08-25-2015, 10:08 AM   #28
MrUmunhum
Member
 
Registered: May 2006
Location: Mt Umunhum, CA, USA, Earth
Distribution: Debian/ Fedora/ Ubuntu/ Raspbian
Posts: 549

Original Poster
Rep: Reputation: 40
Well that surely stirred the pot. None of the responses answered my question. Even if I don't, I pretend to know what I am doing. So if I need to run a command as root, I do it. I am just trying to limit my error-prone typing. When I call a command that needs root, I just hit command recall and prefix the command with sudo. Extra typing! I am the only one using my systems and don't need the extra security.

I guess what I am looking for is a way to prefix the last command line with sudo, like a keyboard shortcut, maybe "CTRL-Enter"?

I run Ubuntu, Fedora, Raspbian and would like a universal fix.
 
Old 08-25-2015, 10:41 AM   #29
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,793

Rep: Reputation: 2086
Quote:
Originally Posted by MrUmunhum View Post
I guess what I am looking for is a way to prefix the last command line with sudo, like a keyboard shortcut, maybe "CTRL-Enter"?
Add the following to ~/.inputrc:
Code:
# CTRL-P to get previous line, CTRL-A to move cursor to beginning
"\C-t": "\C-p\C-asudo "
That works with CTRL-t, I think CTRL-Enter can't be distinguished from Enter unless you do something special to your terminal. The above should work with any system using bash.
 
Old 08-25-2015, 10:43 AM   #30
MrUmunhum
Member
 
Registered: May 2006
Location: Mt Umunhum, CA, USA, Earth
Distribution: Debian/ Fedora/ Ubuntu/ Raspbian
Posts: 549

Original Poster
Rep: Reputation: 40
OK, then the command line I need is:
sudo !!
Now how do I add that to my Window Keyboard shortcut list?
 
  

