LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu
User Name
Password
Ubuntu This forum is for the discussion of Ubuntu Linux.

Notices


Reply
  Search this Thread
Old 06-04-2007, 12:44 PM   #31
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,830
Blog Entries: 15

Rep: Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668

I think the OP is confused about what he "wants". First he said he couldn't get sudo to work for his user then he could but complained about other users then about not getting graphics as root then he falls back into a general rant about sudo.

My opinion is the OP just wanted to kvetch rather than get any real help from anyone. As noted more than once by myself and others he could ignore sudo completely if he chose a distro that didn't require it like ubuntu.
 
Old 06-04-2007, 03:13 PM   #32
rayburn
LQ Newbie
 
Registered: Jul 2004
Posts: 29

Rep: Reputation: 16
I think that ForYouAndI.com is being unfairly criticised here, as I understand it, (s)he wanted to give others permission to log into the main (admin) account on occasion but not be able to make any changes that require admin privileges. No harm in that as far as I can see, as one of the assets of Linux is being able to tailor the OS to your particular requirements.

Hope I understood the question correctly.
 
Old 06-04-2007, 10:44 PM   #33
ForYouAndI.com
Member
 
Registered: Jan 2006
Distribution: Debian
Posts: 82

Original Poster
Rep: Reputation: 15
Sorry for replying so late. I've spent days trying out distributions and making sure almost all the features I wanted were there. I ended up with Debian. No more sudo. Debian handles root the way suse does. Wife upset...talk later.
 
Old 06-05-2007, 09:16 AM   #34
ForYouAndI.com
Member
 
Registered: Jan 2006
Distribution: Debian
Posts: 82

Original Poster
Rep: Reputation: 15
tredegar, I read over your posts again. You think that I would want someone to log into my account and have root privelages...I meant the exact opposite. That is one of the reasons I ditched Windows. Bad user handling.

jlightner, now that I've had some rest, I can see your point. Rather than giving everyone the ability to become root, you can assign roles to users when they use sudo to access certain files. And it's better than just file permissions because they'll have to type in their password before they can mess anything up. Which would effectively stop any virus from doing harm.

Wouldn't it be possible to have the same security without sudo by using selinux?
 
Old 06-05-2007, 10:27 AM   #35
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,830
Blog Entries: 15

Rep: Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668
sudo predates the advent of SELinux.

They don't quite have the same purpose though.

With sudo you give specific users access to specific commnads (and arguments if desired - e.g. "su - testora" - gives only permission to su to testora user - not to any other user and most importantly NOT to root).

I think of SELinux more as a firewall on steroids but not having really used it can't comment well about what it does. My main view of SELinux is that it has almost no lucid documentation and causes many things not work if left enabled so most folks disable it. I have seen a comment that applications actually have to be SELinux aware which to me is another strike against it. For firewall iptables works just fine. SELinux is likely something I'd explore deeper only if I were making an internet facing web server. I note that FC6 (and presumably Fedora 7) have an SELinux configuration utility available so I might play with that on a future install.

Basically the point in sudo is to give users access to things they would not ordinarily have access to but root would whereas firewalls are to try to set global policies about what traffic is allowed to and from a server though specific interfaces(IPs) and ports.

Security is all about hardening the target and sometimes you do what is "practical". If you're running a home system that you never connect to the internet there's probably not a lot of need to get too fancy with iptables. However if you're running a web server that is important to your business' success you probably want to do a lot of hardening to be sure script kiddies and hackers don't take it down. Its much like accounting - if you're running a mom and pop business you probably aren't going to expend much effort producing a capital budget for the next year but in corporations this is a regular activity.

Most of my comments about use of sudo relate to the way I've used it in corporate environments that have dozens or hundreds of users accessing systems.
 
Old 06-05-2007, 10:54 AM   #36
ForYouAndI.com
Member
 
Registered: Jan 2006
Distribution: Debian
Posts: 82

Original Poster
Rep: Reputation: 15
Let me make sure I have this straight.
If my sudo gives me root priv...
When I do sudo command
the program runs with the same privalages and in the same way as if I did:
su pass
command
correct?
Of course, with the exception of su keeping root priv in the command line after the command is done executing.
 
Old 06-05-2007, 12:44 PM   #37
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,830
Blog Entries: 15

Rep: Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668
sudo command

simply says to run the command as the root user. To that extent is somewhat like running:

su -c command

The difference being with sudo the password that is requested is the original user's password and with su you must know the root password.

sudo's benefits on a multiuser system where only the System Admins should have root access are:
1) No one gets the root password other than the System Admins (for su everyone would need to know it).
2) ONLY those commands you've allowed for in sudoers can be executed by those users you've granted access to that command. You can set up multiple groups (e.g. DBAs) within sudoers to give all members of certain teams access to the certain commands and members of other teams (or individuals) access to other commands.
3) sudo has logging of who accessed which command. Since the user doesn't actually become root he can't delete logs as he might if you'd given him su. Also su by itself only logs which user executed su - it doesn't give you any view of what they did after the su.

Note: In the foregoing when I say "su" I mean switch user to root. Users can use su for non-root users if they know the passwords for those accounts.
e.g.
sudo su - testora
is the same as
su - testora
Again the difference being that for the sudo they need only know their own password and for su without sudo they need to know testora's password.

I use the above example mainly because its a feature some people don't realize - that being that while sudo runs as root it can be given commands such as "su - testora -c ls" that would do an ls -l of testora's home directory as the user testora. This means you never really give the user access to a root command at all except long enough to become the other non-root user.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Sorry, sudo must be setuid root kurtdriver Fedora 6 10-22-2008 07:47 PM
su to root works sudo doesn't magnum81 Linux - Security 4 04-22-2006 08:29 PM
How to hack sudo to become root lewkh Linux - Security 5 01-08-2005 06:20 AM
Sudo, su and root lesleyb Linux - Security 3 10-18-2004 01:36 PM
SUDO as *non-root* user spratty Linux - Newbie 3 05-19-2004 03:35 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu

All times are GMT -5. The time now is 02:37 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration