Re: What's so secure about sudo?

2019-06-18 Thread Guy Gold
> So what's so secure about using sudo?

Good question :)

For a standalone system, used by a single user, it can be fairly
easily argued that 'sudo' vs. 'su' is redundant.

The advantages of 'sudo' come in when a system is accessed by multiple
users, whose errors might be costly.
And, as mentioned, when coupled with a creative /etc/sudoers.d/ setup,
can provide a system with useful execution limitation, accountability,
and traceability of action taken by users.

-- 
Guy Gold

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il


Re: What's so secure about sudo?

2019-06-18 Thread Rabin Yasharzadehe
* https://www.youtube.com/watch?v=o0purspHg-o
* https://www.bsdcan.org/2014/schedule/attachments/283_2014-04-29%20sudo%20tutorial%20-%20bsdcan%202014.pdf


--
Rabin


On Tue, 18 Jun 2019 at 09:25, Shlomo Solomon wrote:

> This has bothered me for years and I decided to "get it off my chest".
>
> For many years I used su to do administrative tasks, but "everyone"
> uses sudo and the claim is that it's more secure than actually logging
> in as root.
>
> In principle, of course, root login is not a good thing, but let's
> remember something I've never seen discussed. I would assume that on
> most systems the root password is MUCH more secure than that of a
> regular user. Now if I give user david sudo privileges, anyone who
> cracks david's (weak) password now has access to root privileges.
>
> And before anyone says that this is only a one-time authorization, what
> if the guy who cracked david's password now does:
>    sudo passwd root
>
> So what's so secure about using sudo?
>
> --
> Shlomo Solomon
> http://the-solomons.net
> Claws Mail 3.16.0 - Kubuntu 18.04


Re: What's so secure about sudo?

2019-06-18 Thread אורי
I'm not an expert, but I found out that if I log in as a regular user, I use
sudo only when necessary. But when I log in as root (which I do) I am root
all the time. This may cause problems if by mistake I enter a command which
might cause big damage as root, but not big damage as a regular user.
Such as, for example, rm -f. So the security issue is also for me entering
as a legitimate user and accidentally writing a wrong command. Which will
probably not happen with sudo. Especially when sudo requires me to
enter my password.

Anyway, some servers I manage I am able to log in as root and some not, as
root login there is disabled. I'm not an expert in security but I think
usually my servers are not cracked/hacked as long as I keep the passwords
secure. If I log in as root and don't make mistakes such as above, I don't
see why logging in as root is less secure than sudo.

By the way, sometimes I log in as a regular user and then su. I don't
remember if this option is enabled in all my servers.
אורי
u...@speedy.net




Re: What's so secure about sudo?

2019-06-18 Thread Dotan Cohen
One reason that I like sudo is that root can be disabled for all
intents and purposes. Most random SSH logins were once to the root
account. We hardly ever see that anymore, thanks in no small part to
the deprecation of root in many widespread Linux distros.


-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com



Re: What's so secure about sudo?

2019-06-18 Thread Boruch Baum
In addition to Omer's answer, it used to be common on large multi-user
systems to have the sudo use of each user logged, for accountability.


--
hkp://keys.gnupg.net
CA45 09B5 5351 7C11 A9D1  7286 0036 9E45 1595 8BC0



Re: What's so secure about sudo?

2019-06-18 Thread Omer Zak
Using /etc/sudoers and /etc/sudoers.d, it is possible to limit the
operations that a user can do as a superuser.

It is even possible to configure some operations as ones not requiring
him to enter his password.

See 'man 5 sudoers'.




-- 
"Prior to capitalism, the way people amassed great wealth was by
looting, plundering and enslaving their fellow man. Capitalism made it
possible to become wealthy by serving your fellow man." - Walter E.
Williams
My own blog is at https://tddpirate.zak.co.il/

My opinions, as expressed in this E-mail message, are mine alone.
They do not represent the official policy of any organization with
which I may be affiliated in any way.
WARNING TO SPAMMERS:  at https://www.zak.co.il/spamwarning.html
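
The kind of restriction described in the message above, applied to the "david" case from the question, as an added example that is not part of the original thread. The drop-in file name, the nginx unit, the command paths and the log path are assumptions chosen for illustration:

```sudoers
# /etc/sudoers.d/david  (hypothetical drop-in; edit with: visudo -f /etc/sudoers.d/david)
# Assumed for illustration: the nginx unit, the command paths, the log path.

# Unrestricted rule, commented out and shown only for comparison. With it,
# david's password is worth as much as root's: "sudo passwd root" succeeds.
#david  ALL=(ALL:ALL) ALL

# Restricted rule: full paths and fixed arguments only. Anything not listed,
# including "sudo passwd root" and "sudo -i", is refused and the refusal
# is logged.
Cmnd_Alias WEB_SVC = /usr/bin/systemctl restart nginx, \
                     /usr/bin/systemctl reload nginx
david   ALL=(root) WEB_SVC

# One read-only operation allowed without a password prompt.
# It is placed after the rule above because the last matching entry wins.
david   ALL=(root) NOPASSWD: /usr/bin/systemctl is-active nginx

# Keep editors, pagers and interpreters out of such lists: a command that
# can start a shell turns a restricted rule back into an unrestricted one.

# Accountability: record every sudo invocation in a dedicated file in
# addition to syslog.
Defaults        logfile=/var/log/sudo.log

# Ask david for his password on every call instead of caching it.
Defaults:david  timestamp_timeout=0
```

Check the file with `visudo -cf /etc/sudoers.d/david` before relying on it, and review what david may run with `sudo -l -U david`.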





What's so secure about sudo?

2019-06-18 Thread Shlomo Solomon
This has bothered me for years and I decided to "get it off my chest".

For many years I used su to do administrative tasks, but "everyone"
uses sudo and the claim is that it's more secure than actually logging
in as root. 

In principle, of course, root login is not a good thing, but let's
remember something I've never seen discussed. I would assume that on
most systems the root password is MUCH more secure than that of a
regular user. Now if I give user david sudo privileges, anyone who
cracks david's (weak) password now has access to root privileges. 

And before anyone says that this is only a one-time authorization, what
if the guy who cracked david's password now does:
   sudo passwd root

So what's so secure about using sudo?   

-- 
Shlomo Solomon
http://the-solomons.net
Claws Mail 3.16.0 - Kubuntu 18.04
