LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu
User Name
Password
Ubuntu This forum is for the discussion of Ubuntu Linux.

Notices


Reply
  Search this Thread
Old 06-02-2007, 02:48 PM   #1
ForYouAndI.com
Member
 
Registered: Jan 2006
Distribution: Debian
Posts: 82

Rep: Reputation: 15
I hate sudo - but don't need to login as root


I've been reading alot everywhere about how to enable su which is what I want to use. But every argument I've seen is a one about how someone wants to graphically log in as root. I do not want that. I just want ubuntu (I use kubuntu) to act like distributions that use su instead of sudo.

People argue in favor of sudo saying it's more simple than su is, but it isn't. They say, "You only have to remember one password". In my opinion, that only skews what is actually happening. They may not realize that they are running the program as the root user because they typed in their user password, not root's. Another issue - I don't mind if people log into my personal account if they need to, but I don't want them to have root power when they do so; if they know my login password, the can do anything on the system. Why try to make Linux more like Windows in ways of security. It's a big mistake and the only thing that's holding me back from using kubuntu as my distribution of choice.

I REALLY don't want to, but if there is no solution to make kubuntu handle running as root like openSUSE does, I may have to move back.

P.S. I should mention that there is only one valid reason I can think of for running as graphical root:
Backing up user profiles on the system. Because all other users should be logged out when I'm backing up the files so that nothing gets messed up, and root is the only user who has the privalages to read all of users data without any problems.

Hoping that someone has a solution for this...
 
Old 06-02-2007, 03:04 PM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,830
Blog Entries: 15

Rep: Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668
You could always just do "sudo su -" couldn't you? Just edit the sudoers file (visudo) to allow that to work.

By the way you misunderstand sudo. You only need one password but you do have to type the word "sudo" before your command so you would always be aware when you were doing something as root and when you weren't simply by the presence or absence of the word sudo.

My comments are based on "pure sudo" as I've used it in UNIX and Linux variants that do NOT require it. I've not used ubuntu so don't know if they've done something odd with it.
 
Old 06-02-2007, 03:13 PM   #3
ForYouAndI.com
Member
 
Registered: Jan 2006
Distribution: Debian
Posts: 82

Original Poster
Rep: Reputation: 15
sudo su works but it doesn't solve the problem of someone logging into my non-admin account and then using the same exact password to become root!
 
Old 06-02-2007, 03:13 PM   #4
esteeven
Senior Member
 
Registered: Oct 2001
Location: Bristol UK
Distribution: Arch Slackware Ubuntu
Posts: 1,078

Rep: Reputation: 48
Just do "sudo passwd root" and then add a password for root (having used your password to allow you to use sudo). Now remove your account from sudo. Now you only have access to root via su. Or by logging in as root.
Can't see what's wrong with sudo though. It makes absolute sense to me.
 
Old 06-02-2007, 03:15 PM   #5
ForYouAndI.com
Member
 
Registered: Jan 2006
Distribution: Debian
Posts: 82

Original Poster
Rep: Reputation: 15
When I run applications like the package manager, will it work right and ask me for the root password?
 
Old 06-02-2007, 03:18 PM   #6
ForYouAndI.com
Member
 
Registered: Jan 2006
Distribution: Debian
Posts: 82

Original Poster
Rep: Reputation: 15
I don't mean from the command line, I mean from the menu...SUSE does this right.
 
Old 06-02-2007, 03:32 PM   #7
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,830
Blog Entries: 15

Rep: Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668
You can restrict who is allowed to do "sudo su -" with the sudoers file. Not having used ubuntu I don't know but it would surprise me greatly if they were boneheaded enough to allow ALL users to do "sudo su -". It sounds as if they require you to create a non-root user at install (other distros suggest this but don't require it) and they probably assume that is your "administrator" and only allow that first user by default to get to the root user so easily.

If not then I feel safe in calling the folks that put out the ubuntu distro morons akin to the admin I once met who allowed folks to do use "sudo vi". He was greatly surprised when I did that then typed :!sh and got to a root prompt.

sudo is a great tool for allowing users access ONLY to what they need AND logging it when they access those tools. But it is easy to break its security if you don't think out what you're giving them access to. If ubuntu gave everyone "sudo su -" then they might as well not have attempted to restrict root usage at all.
 
Old 06-02-2007, 04:16 PM   #8
ForYouAndI.com
Member
 
Registered: Jan 2006
Distribution: Debian
Posts: 82

Original Poster
Rep: Reputation: 15
I just found another inconsistancy with ubuntu compared to other distributions: My first terminal was on tty7 and my next was not on 9! Something else is running on 8 and I don't know how it got there. Says, "* Checking battery state"

I just added another user. I can't use sudo but...su does not work either! I type the root password and get a root prompt but the applications can never connect with the X server. Why does su work flawlessly in other distributions but not here?
 
Old 06-02-2007, 04:32 PM   #9
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,830
Blog Entries: 15

Rep: Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668
Well being an adherent of RedHat/Fedora myself I'm not going to get into Ubuntu bashing. Its a matter of choice. Each distro has a certain philosophy behind it. If Ubuntu doesn't suit you try pure Debian on which Ubuntu is based. It doesn't have the sudo setup.

Again I'd tell you that using visudo to edit the sudoers file would allow you to give permissions to other users. For a home system restricting su may not seem like a good thing to you but for professional admins that are used to dozens or even hundreds of users doing the opposite would sound completely moronic. You do NOT want the average user getting access to the down and dirty behind the scenes stuff that root access would allow them. A simple command like: chmod -R 777 / seems harmless enough but would render most systems unusable due to built in safeguards. Even more dangerous would be: rm -rf /.
 
Old 06-02-2007, 04:44 PM   #10
ForYouAndI.com
Member
 
Registered: Jan 2006
Distribution: Debian
Posts: 82

Original Poster
Rep: Reputation: 15
So that's the problem? I can add allowed users to that file?

Last edited by ForYouAndI.com; 06-02-2007 at 04:45 PM.
 
Old 06-02-2007, 04:51 PM   #11
oxleyk
Member
 
Registered: Nov 2003
Distribution: Ubuntu
Posts: 309

Rep: Reputation: 30
With every other distro I've tried, I edited the sudoers list so that I don't have to enter a password. I made the same edit in Ubuntu but it doesn't work.

Kent
 
Old 06-02-2007, 04:52 PM   #12
ForYouAndI.com
Member
 
Registered: Jan 2006
Distribution: Debian
Posts: 82

Original Poster
Rep: Reputation: 15
I really doubt that's the problem because not only did I login as root on the other users account, but I also installed a program with apt-get. The problem is that root can't connect to an X server.
 
Old 06-02-2007, 04:55 PM   #13
ForYouAndI.com
Member
 
Registered: Jan 2006
Distribution: Debian
Posts: 82

Original Poster
Rep: Reputation: 15
"I edited the sudoers list so that I don't have to enter a password"
Seems like a bad idea to me.
That's a huge problem that Windows has - always an admin.
 
Old 06-02-2007, 05:06 PM   #14
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,830
Blog Entries: 15

Rep: Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668
Maybe I missed something. I thought your complaint was about other users not being able to run sudo.

If your complaint is about them not being able to run X windows maybe you need to spell it out a little more.

It works for one user but not others? Exactly what do you do to "start X" for that user? Is there a sudo command involved there? If so then finding that in your sudoers file and adding the other user(s) to the relevant line or group in sudoers should get it working for them.

Also I'm with you - turning off passwords is a bad idea. If you have your Linux server in a safe to which only you know the combination and do not EVER attach it to a network or have a wireless card in it this might not be a bad idea but even with firewalls etc... you've just taken out a fundamental layer of security. If the hacker gets in at all he has it all. Security is about hardening the target. Have passwords AND firewalls - don't rely on just one security mechanism to protect you.
 
Old 06-02-2007, 05:11 PM   #15
oxleyk
Member
 
Registered: Nov 2003
Distribution: Ubuntu
Posts: 309

Rep: Reputation: 30
Quote:
Originally Posted by ForYouAndI.com
"I edited the sudoers list so that I don't have to enter a password"
Seems like a bad idea to me.
That's a huge problem that Windows has - always an admin.
I'm the only user on my computer. I still have to run commands with "sudo" I just don't have to enter my password. I wouldn't do that in a real-world, multi-user situation.

Kent

Last edited by oxleyk; 06-05-2007 at 06:31 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Sorry, sudo must be setuid root kurtdriver Fedora 6 10-22-2008 07:47 PM
su to root works sudo doesn't magnum81 Linux - Security 4 04-22-2006 08:29 PM
How to hack sudo to become root lewkh Linux - Security 5 01-08-2005 06:20 AM
Sudo, su and root lesleyb Linux - Security 3 10-18-2004 01:36 PM
SUDO as *non-root* user spratty Linux - Newbie 3 05-19-2004 03:35 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu

All times are GMT -5. The time now is 03:32 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration