MEPISThis forum is for the discussion of MEPIS Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
For rick or anyone reading. . .how safe is "sudo?"
rick, you mentioned that "sudo" gives you root power for that one command and only that one command.
Did I get that right, or did I misquote / misunderstand you?
In any case, whether "sudo" grants root power for one command or many commands, I have this question:
How safe is "sudo?"
Think about it like this:
With "sudo" all you need to type to gain God status are 4 letters that everyone knows: sudo.
On the other hand, if you have a root password that only you know, then only you can have God status. A root password provides a security hurdle that only the administrator can over-ride.
From this p.o.v. it seems that "sudo" is a disaster waiting to happen.
Even if "sudo" gives you root power for only one command, that still is root power in the hands of any user, not just the administrator.
What is to stop a troublesome average user from dropping one well placed "sudo" command to screw the entire system?
I'm not trying to flame "sudo" but I am just shocked to learn this and trying to describe the issue to the best of my understanding.
No, I believe sudo only works for the user that installed the system.
Sudo works for anyone in the "sudo" group. I believe Ubuntu defaults the 1st user created into that group, but if you add additional users, you have to add them on purpose.
Ubuntu isn't unique in sudo availability. You can set it up on any distro. Ubuntu is just the only distro that is designed to encourage its use.
EditActually, simply being in the "sudo" group isn't the key. I put myself in the sudo group and tried to execute a privledged command. Error: You are not on the sudoers list. This incident will be reported.
I did a cat on /etc/sudoers, and it said I had to use a special program as root to edit the list. Didn't feel like reading the man page to see just how to go about that. It's pretty secure.
I've been thinking about setting it up on my system. One of these days pretty soon I will.
Sudo works for anyone in the "sudo" group. I believe Ubuntu defaults the 1st user created into that group, but if you add additional users, you have to add them on purpose.
Ubuntu isn't unique in sudo availability. You can set it up on any distro. Ubuntu is just the only distro that is designed to encourage its use.
EditActually, simply being in the "sudo" group isn't the key. I put myself in the sudo group and tried to execute a privledged command. Error: You are not on the sudoers list. This incident will be reported.
I did a cat on /etc/sudoers, and it said I had to use a special program as root to edit the list. Didn't feel like reading the man page to see just how to go about that. It's pretty secure.
I've been thinking about setting it up on my system. One of these days pretty soon I will.
rickh. . .if I understand correctly, you are saying that you must become root before you can add / delete users to / from the "sudo group?" Correct?
I use the "su" method. I've been using Mepis 6.0 for about a month now and I like it better than the 3.4.x versions. Although, often times I think it could be much better. I should soon be testing out Freespire and the new PCLinuxOS, to see how they compare.
If you do "sudo su" in ubuntu you get a root shell which does not require you to type sudo again. Also there is a root shell shortcut in the menu.
The only thing i did not find yet is a graphical access to root. But you can start all only root apps by giving the first user password. I guss one cccan say there is realy no difference in functionality but added security. If one uses sudo the chances of leaving a vulnerable system open if not eliminated minimized.
On the other hand, if you have a root password that only you know, then only you can have God status. A root password provides a security hurdle that only the administrator can over-ride.
Your post is wrong, so let me just explain.
(a) read the documentation first!
(b) you can set the sudo priviledges with the command visudo. And yes you have to be root to do this.
(c) the smartest way is way to do this is already in the file, just uncomment out. Users in the wheel group should be allowed to be sudoers and no one else. Why?
The wheel group is the group of users allowed to login as root. Now you're simply extending to them the ability to do a root like command without logging in. It's a shortcut for a permission they already have.
In the wrong hands both su and sudo can be dangerous. The person that doesn't set a root password, and gives all users access to sudo without a password for instance is asking for trouble. But is sudo more dangerous than su? I don't think so.
I can understand thinking this way-- if you've only used sudo in the context of ubuntu you don't realize what it really is, and even worse think it's only for ubuntu! lol
I actually love sudo and install it in any distro that I use.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.