LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-20-2021, 02:23 PM   #31
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 17,204

Rep: Reputation: 5824Reputation: 5824Reputation: 5824Reputation: 5824Reputation: 5824Reputation: 5824Reputation: 5824Reputation: 5824Reputation: 5824Reputation: 5824Reputation: 5824

Quote:
Originally Posted by abejarano View Post
By unrecoverable issues is meant permanently unrecoverable? Would you give an example of unrecoverable when when a backup exists offline?
Unrecoverable means you will lose something which cannot be recovered at all (like personal data). Obviously a backup may help to avoid that situation.
Unrecoverable may mean you cannot recover any change made after the last backup.
Recovering always has a cost. If you can't afford that the data loss is permanent.
 
Old 11-20-2021, 07:56 PM   #32
enigma9o7
Member
 
Registered: Jul 2018
Location: Silicon Valley
Distribution: Bodhi Linux
Posts: 738

Rep: Reputation: 269Reputation: 269Reputation: 269
Depending on your distro, you may have root shell available from grub advanced options anyway. So somebody in your home can already get root access fairly easily even if you didnt leave the terminal in a root session.

If the reason you leave terminal in root shell is you're tired of entering your password, you know you can increase the length of time before sudo asks for password again? That eliminates the other concern people have with your method of doing root tasks and accidentally thinking its a normal user terminal when entering things, cuz you still have to type sudo when you need such privs....

Code:
echo "Defaults timestamp_timeout=120" | sudo tee /etc/sudoers.d/timeout
I use 120 minutes, but you could set it much higher if you want...
 
Old 11-21-2021, 03:36 PM   #33
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDo, tinycore, Q4OS,Manjaro
Posts: 4,088

Rep: Reputation: 1904Reputation: 1904Reputation: 1904Reputation: 1904Reputation: 1904Reputation: 1904Reputation: 1904Reputation: 1904Reputation: 1904Reputation: 1904Reputation: 1904
Quote:
Originally Posted by enigma9o7 View Post
Depending on your distro, you may have root shell available from grub advanced options anyway. So somebody in your home can already get root access fairly easily even if you didnt leave the terminal in a root session.

If the reason you leave terminal in root shell is you're tired of entering your password, you know you can increase the length of time before sudo asks for password again? That eliminates the other concern people have with your method of doing root tasks and accidentally thinking its a normal user terminal when entering things, cuz you still have to type sudo when you need such privs....

Code:
echo "Defaults timestamp_timeout=120" | sudo tee /etc/sudoers.d/timeout
I use 120 minutes, but you could set it much higher if you want...
Or use doas or sudo configured so that it does not require a password.
 
Old 11-22-2021, 03:39 PM   #34
max.b
Member
 
Registered: Feb 2013
Distribution: Debian 11, GNOME
Posts: 100

Rep: Reputation: 5
If you actually type "sudo su" or "sudo" or "su", you make privilege escalation very easy: an attacker can simply alias "sudo" to something else.
 
Old 11-24-2021, 11:48 PM   #35
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 7.7 (?), Centos 8.1
Posts: 17,925

Rep: Reputation: 2631Reputation: 2631Reputation: 2631Reputation: 2631Reputation: 2631Reputation: 2631Reputation: 2631Reputation: 2631Reputation: 2631Reputation: 2631Reputation: 2631
I wasn't going to comment any more on this thread ( probably ), but I would never
Quote:
Or use doas or sudo configured so that it does not require a password.
 
Old 11-25-2021, 11:32 AM   #36
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDo, tinycore, Q4OS,Manjaro
Posts: 4,088

Rep: Reputation: 1904Reputation: 1904Reputation: 1904Reputation: 1904Reputation: 1904Reputation: 1904Reputation: 1904Reputation: 1904Reputation: 1904Reputation: 1904Reputation: 1904
Quote:
Originally Posted by chrism01 View Post
I wasn't going to comment any more on this thread ( probably ), but I would never
I would, but only for specific non-destructive commands.

Every security decision requires at LEAST an informal risk analysis, and often risk remediation. In the case of sudo and doas, limiting the things you can do without using a password to those things that cannot do damage seems a good FIRST step!

Keeping also in mind that configuring the REST of your node to be secure is just as important.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: The Ultimate Sudo FAQ To Sudo Or Not To Sudo? LXer Syndicated Linux News 13 04-13-2013 02:36 AM
sudo fails - "sudo: can't get hostname: Success" fantasygoat Linux - Server 3 10-01-2009 03:59 PM
cannot "sudo apt-get uptate" or "sudo" anything! plz help mdguy21061 Linux - Newbie 7 04-14-2008 12:59 AM
Help With Java Problem Please"""""""""""" suemcholan Linux - Newbie 1 04-02-2008 07:02 PM
Difference between "sudo su" and "sudo su -"? Rush_898 Linux - Newbie 1 10-17-2007 03:02 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration