[SOLVED] Security and "sudo" -- n00b wants your thoughts
UbuntuThis forum is for the discussion of Ubuntu Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
With "sudo" all you need to type to gain God status are 4 letters that everyone knows: sudo
On the other hand, if you have a root password that only you know, then only you can have God status. A root password provides a security hurdle that only the administrator can over-ride.
From this p.o.v. it seems that "sudo" is a disaster waiting to happen.
Even if "sudo" gives you root power for only one command, that still is root power in the hands of any user, not just the administrator.
What is to stop a troublesome average user from dropping one well placed "sudo" command to screw the entire system?
I'm not trying to flame "sudo" but I am just shocked to learn this and trying to describe the issue to the best of my understanding.
Please clarify and help me out.
/ Currently do not use Ubuntu based system but thinking about it, but I don't understand "sudo" and it scares me.
// Can you just use the traditional "su" method on Ubuntu instead of the new "sudo" method?
You two are saying that you must type in a password to use sudo? What password. . .a specific root / admin password or something else.
I'm coming from the MEPIS forum (MEPIS does not use sudo, it uses su) and talked to some people there. They never said anything about a sudo password on MEPIS, so I wanted to see if Ubuntu runs the same way.
I am trying to figure out if sudo behaves in MEPIS (if I installed it) like sudo behaves in Ubuntu.
In ubuntu to do anything as the superuser/root you need to do 2 things, first you need to be in the admin group and then you need to type sudo before the command then type in your password (like a way to confirm that you rally want to run the command). You can also set up sudo to allow a user to only a user to run a certain command or set of commands as root and not others. You configure this in the /etc/sudoers file. It's much more configurable and powerful than just su, where if you want to alow someone to run a command as root then you have to give them the keys to the whole system.
Ubuntu's implementation of sudo works the same way things do in real life.
If you're just you, you can't open the door to your apartment. If you're you with a key, then you can open it.
If you're just you and an ATM card, you can't withdraw money from the ATM. If you're you with an ATM card and the PIN code for that card, you can withdraw money.
Some people are administrators. Others are not. All people generally operate as limited users most of the time.
Administrators are allowed to temporarily assume root privileges for certain tasks with their user passwords. Non-administrators can never assume root privileges.
noob@host:~$ su
Password:
root@host:~# command
root@host:~# other command
root@host:~# "Oh crap, I forget to type exit and just screwed my system"
You decide.
But how about this:
Code:
user@host:~$ su -c "command"
Password:
user@host:~$
This executes only the command(s) between the quotes with root priviledges, and after that you return to being a normal user again. So I think using su does not need to pose a greater risk in this particular example.
Whether 'su' or 'sudo', I'm very happy to have found a way to stop using root as my main logon in Linux. I could not break away from the habit of always being signed on as root. A left over from the Windows side of my job life. What's interesting is that MS finally decided to use a 'sudo-like' system for their upcoming OS.
The big problem with sudo is that if someone cracks your admin password, then they have the whole box...
If someone cracks a user account of someone who uses su,... they also have to crack the root password...
THAT's the big problem with sudo... mine anyway.
I don't buy that at all. They're far more likely to crack root, as they already know the username (root) and the privileges that go along with it (all privileges).
Root Model:
Username - known
Privileges - known and desirable
Password - unknown
Sudo Model:
Username - unknown
Privileges - unknown (might be administrator, might not be)
Password - unknown
Three unknowns versus one unknown. If I were a cracker, I'd want to find the root password right away--screw sudo users.
Regardless of "sudo" advantages and disadvantages, can anyone tell me if it is possible to use the traditional "su" method in Ubuntu / Kubuntu, etc? Or, are you stuck with the "sudo" method?
I ask because others have claimed that you can set up a Ubuntu install that uses the traditional "su" approach. . .though you might have to install something to do so, or configure certain files.
One advantage to using sudo is that you can limit the commands that certain users or members of certain groups are allowed to run as root. Another advantage is that sudo commands are logged. Also, you don't need to reveal the root password that would be required if you relied on su instead. There are some commands like "less" and "vim" that allow you to run shell commands. You either need to prohibit these commands in the /etc/sudoers setup or use a secure mode of these programs (such as compiling less with the SECURE mode build in permanently.) Truly locking down what an admin sudoer user can do would be difficult; so sudo is more of a way of securing the secret of root's password and allowing root tasks to be done without developing the habit of su'ing to root all of the time to do it. You still have to be carefull who you allow root tasks to, with or without sudo.
Regardless of "sudo" advantages and disadvantages, can anyone tell me if it is possible to use the traditional "su" method in Ubuntu / Kubuntu, etc? Or, are you stuck with the "sudo" method?
I ask because others have claimed that you can set up a Ubuntu install that uses the traditional "su" approach. . .though you might have to install something to do so, or configure certain files.
In Ubuntu the root account is still present, the password just isn't set. Well, it may be set, but certainly not to anything you specify. You could renable by issuing the command 'sudo passwd root'; however, I find it easier to use 'sudo su' to switch to root when I have to. In fact, I use this same method for the non-debian distros that I use as well. It works quite well. The ability to hand out access for just a few commands is really helpful.
I have been installing various distros, having fun and learning about them. I'm using a couple of old laptops to do this.
But I was surprised when the Ubuntu install didn't ask me to set a root password, just a user name and password. Then when I was trying to install new software or update or something I had to go searching google to find out what to do. I found some info about "sudo passwd root". I thought that would set a root password for me, but no, it just took my user password and gave me root privileges. So ... I am still kind of confused why it would work that way, but now, whenever I want to do something that requires root I just have to input the same password I logged in with as user. That doesn't make sense to me.
Other than that I think Ubuntu is real slick and zippy, including on old hardware, which is what I am experimenting with.
Mac users don't seem to be confused by it, and Mac OS X uses sudo the same way Ubuntu does.
If you're an admin user, you enter your password to perform admin tasks.
That makes sense. It's a culture shock to you because you're used to other distros that have a root account. But really... think about it--why should need a separate root account to perform administrative tasks?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.