Re: sudo questions
On 8/20/13, Chris Bannister cbannis...@slingshot.co.nz wrote: On Mon, Aug 19, 2013 at 11:12:15AM +1000, Zenaan Harkness wrote: On a more hair splitting note, we could say it is Universal, at the price of being a little more generic sometimes than it could otherwise be. If you are going to split hairs. :) I'd say that the more Universal something is the more generic it is. If you get less generic then are you also less Universal also? This is a positive note, since we are naming Debian as universal in more ways than one! Eg: - runs on every arch Agreed. Every is a bit strong here, but true, it does run on a lot. - runs all software No. - runs in (almost) every way you'd like It's default base install is one of the reasons I like it. But of course, the set of (installation preferred default sets) +(menu options lists short enough to be sensible) +(reasonable installation image size) is perhaps the empty set. Interesting you should think this, can you give an example. Touché! I cannot. :) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/caosgnsteozh4uoiyv8fnupepyxy+dkt2iwopdb_bst-szdk...@mail.gmail.com
Re: sudo questions
Le 19.08.2013 14:22, Ralf Mardorf a écrit : For other tastes, there are other good distros too. Bad distros among the well known IMO are only those, that don't have a community, such as e.g. Mint. Mint might be ok, but when those people run into issues, they ask at Debian and Ubuntu lists. Regards, Ralf That reasoning is not too bad, but I think I can remember having seen some Ubuntu users around here ;) On the other hand, when I have a problem, if I am not able to solve it myself ( It is quite rare, tbh, but it is only because I do not work as an admin and so I can spend hours into fixing something or finding a workaround... like how to purge NVIDIA*.run's files after a crash of an installer - was is debian's one or the .run? Don't remember - which could have taken less hours if I had asked here.), it often happen to be solved on [ ubuntu | archlinux | gentoo ] forums/wiki, depending on the problem ( Ubuntu's forum to find a software, archlinux and gentoo to play even more with my system, it seem ), rarely on Debian's ones ( depending on the results ddg gave me ). So, it would mean that Debian is badder than those 3 distros, which I do not think. There is are quite active mailing lists, but, and this is the stronger point imho, Debian allows more customizations more easily than the 3 other distros I have mentioned ( again: my opinion, do not start a war on those words ). So, even if I never tried mint, it is probable that it is not a so bad distro because maybe it meet it's users needs. It is a linux distro, and given how small the linux community is, I do not think we should restrain ourselves to a single subcommunity (even if I have only really used Debian, ironically ;) I tried the 3 others I mentioned, but disliked Ubuntu, had archlinux broken to install xorg, and never had a damned working kernel with gentoo... I'll retry gentoo later, with more knowledge.). -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/c4fcef050d691b23954bd1b5d1156...@neutralite.org
Re: sudo questions
On Mon, 2013-08-19 at 11:12 +1000, Zenaan Harkness wrote: On 8/19/13, Bob Proulx b...@proulx.com wrote: I know you would like the installer to do exactly what your custom strategy is for your system. But that is difficult. There are many custom strategies. Debian IS! THE! Universal! Operating! System! I agree with Bob and Zenaan. My focus is on Arch Linux, Debian and Ubuntu. The only other distro kept on my machine is an outdated Suse, but I tested several other distros too, but what I really used installed to my machines were Suse, Debian, Ubuntu, 64 Studio (= Debian and Ubuntu depending to it's release) and Arch Linux. For other tastes, there are other good distros too. Bad distros among the well known IMO are only those, that don't have a community, such as e.g. Mint. Mint might be ok, but when those people run into issues, they ask at Debian and Ubuntu lists. Regards, Ralf -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1376914965.1004.18.camel@archlinux
Re: sudo questions
On Sat, Aug 17, 2013 at 09:25:23PM +0200, Ralf Mardorf wrote: On Sun, 2013-08-18 at 03:12 +0900, Joel Rees wrote: johndoe sounds like a great name for an admin account. There's a Debian BSD port ;), so how about Charlie Root? [snip] too long, didn't read IOW, tl;dr -- If you're not careful, the newspapers will have you hating the people who are being oppressed, and loving the people who are doing the oppressing. --- Malcolm X -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130818093337.GA27533@tal
Re: sudo questions
On Sun, 2013-08-18 at 21:33 +1200, Chris Bannister wrote: On Sat, Aug 17, 2013 at 09:25:23PM +0200, Ralf Mardorf wrote: On Sun, 2013-08-18 at 03:12 +0900, Joel Rees wrote: johndoe sounds like a great name for an admin account. There's a Debian BSD port ;), so how about Charlie Root? Should be charlie or charlieroot. [snip] too long, didn't read IOW, tl;dr In my opinion it won't add more sane security, if a hacker doesn't know the admin account name, but it would confuse new admins. IOW, IMOIWAMSS;IAHDKTAAN;BIWCNA I'm serious now. Wouldn't it add extra security, if binaries wouldn't be in directories called bin or sbin? Why not hide the binaries in /etc/fonts/.abcdefghijklmnopqrstuvwxyz/cjo and /etc/fonts/.abcdefghijklmnopqrstuvwxyz/tcjo? This is possible, but for good reasons no sane admin will do it. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1376821066.1305.50.camel@archlinux
Re: sudo questions
On Sun 18 Aug 2013 at 06:51:04 +0900, Joel Rees wrote: On Sun, Aug 18, 2013 at 4:03 AM, Brian a...@cityscape.co.uk wrote: On Sun 18 Aug 2013 at 03:12:39 +0900, Joel Rees wrote: But debian's installer tries to encourage the user to not enable root, No, it doesn't. Perhaps you would rather I said something like, it gives the option to establish an initial account and tells the person performing the install if root login is enabled, the initial account will not be an admin account, but if root login is disabled, the initial account will be a member of the sudo group and thus an admin account, and, by the way, you might prefer to not enable root login. Is that closer to what the installer does in your opinion? Yes, closer but the installer doesn't adopt a stance on sudo versus root login. The wordings presented to the user are: If you choose not to allow root to log in, then a user account will be created and given the power to become root using the 'sudo' command. and You need to set a password for 'root', the system administrative account. A malicious or unqualified user with root access can have disastrous results, so you should take care to choose a root password that is not easy to guess. It should not be a word found in dictionaries, or a word that could be easily associated with you. . A good password will contain a mixture of letters, numbers and punctuation and should be changed at regular intervals. . The root user should not have an empty password. If you leave this empty, the root account will be disabled and the system's initial user account will be given the power to become root using the sudo command. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/18082013112511.475cb...@desktop.copernicus.demon.co.uk
Re: sudo questions
On Sun, Aug 18, 2013 at 12:17:46PM +0200, Ralf Mardorf wrote: On Sun, 2013-08-18 at 21:33 +1200, Chris Bannister wrote: On Sat, Aug 17, 2013 at 09:25:23PM +0200, Ralf Mardorf wrote: [snip] too long, didn't read IOW, tl;dr In my opinion it won't add more sane security, if a hacker doesn't know the admin account name, but it would confuse new admins. IOW, IMOIWAMSS;IAHDKTAAN;BIWCNA No, no, no. I am having a bad day being understood. too long, didn't read == tl;dr but some people use tl;dr as meaning executive summary or summary. Obscure? Sorry. -- If you're not careful, the newspapers will have you hating the people who are being oppressed, and loving the people who are doing the oppressing. --- Malcolm X -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130818113538.GB29172@tal
Re: sudo questions
On 8/18/13, Chris Bannister cbannis...@slingshot.co.nz wrote: On Sun, Aug 18, 2013 at 12:17:46PM +0200, Ralf Mardorf wrote: On Sun, 2013-08-18 at 21:33 +1200, Chris Bannister wrote: On Sat, Aug 17, 2013 at 09:25:23PM +0200, Ralf Mardorf wrote: [snip] too long, didn't read IOW, tl;dr In my opinion it won't add more sane security, if a hacker doesn't know the admin account name, but it would confuse new admins. IOW, IMOIWAMSS;IAHDKTAAN;BIWCNA No, no, no. I am having a bad day being understood. too long, didn't read == tl;dr but some people use tl;dr as meaning executive summary or summary. Obscure? Sorry. Chris, Chris, you were understood perfectly, you are having a bad day understanding sarcasm that's all. Your good intent is well noted. Thanks for being Chris. Regards Zenaan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/caosgnstnnienychbpv_uvxr+aztk4mkxhk5phcuw_umtf7r...@mail.gmail.com
Re: sudo questions
On Sun, 2013-08-18 at 21:40 +1000, Zenaan Harkness wrote: On 8/18/13, Chris Bannister cbannis...@slingshot.co.nz wrote: On Sun, Aug 18, 2013 at 12:17:46PM +0200, Ralf Mardorf wrote: On Sun, 2013-08-18 at 21:33 +1200, Chris Bannister wrote: On Sat, Aug 17, 2013 at 09:25:23PM +0200, Ralf Mardorf wrote: [snip] too long, didn't read IOW, tl;dr In my opinion it won't add more sane security, if a hacker doesn't know the admin account name, but it would confuse new admins. IOW, IMOIWAMSS;IAHDKTAAN;BIWCNA No, no, no. I am having a bad day being understood. too long, didn't read == tl;dr but some people use tl;dr as meaning executive summary or summary. Obscure? Sorry. Chris, Chris, you were understood perfectly, you are having a bad day understanding sarcasm that's all. Your good intent is well noted. Thanks for being Chris. :) Chris, what you call a bad day, I call an averaged day ;) [1]. Regards, Ralf [1] The polemic, the pathos is based on Ice-T's Cos what I call home you call hell. If there should be dissing again at Linux audio users mailing list, I will dig deeper into lyrics of some rap musicians and chime in again in such a thread. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1376830095.1305.71.camel@archlinux
Re: sudo questions
On Sun, Aug 18, 2013 at 7:32 PM, Brian a...@cityscape.co.uk wrote: On Sun 18 Aug 2013 at 06:51:04 +0900, Joel Rees wrote: On Sun, Aug 18, 2013 at 4:03 AM, Brian a...@cityscape.co.uk wrote: On Sun 18 Aug 2013 at 03:12:39 +0900, Joel Rees wrote: But debian's installer tries to encourage the user to not enable root, No, it doesn't. Perhaps you would rather I said something like, it gives the option to establish an initial account and tells the person performing the install if root login is enabled, the initial account will not be an admin account, but if root login is disabled, the initial account will be a member of the sudo group and thus an admin account, and, by the way, you might prefer to not enable root login. Is that closer to what the installer does in your opinion? Yes, closer but the installer doesn't adopt a stance on sudo versus root login. The wordings presented to the user are: If you choose not to allow root to log in, then a user account will be created and given the power to become root using the 'sudo' command. Hmm. I think I was reading my prejudices into that. and You need to set a password for 'root', the system administrative account. A malicious or unqualified user with root access can have disastrous results, so you should take care to choose a root password that is not easy to guess. It should not be a word found in dictionaries, or a word that could be easily associated with you. . A good password will contain a mixture of letters, numbers and punctuation and should be changed at regular intervals. . The root user should not have an empty password. Ah, I think I was misreading this part, again, according to my prejudices. If you leave this empty, the root account will be disabled and the system's initial user account will be given the power to become root using the sudo command. Maybe I need to file a feature request (for my own satisfaction, even if it gets rejected). What I lean towards is providing the installing user (1) the opportunity to set the root password, (2) the opportunity to set a separate admin account and password (member of sudo group on debian), and (3) the opportunity to set a separate non-admin work account and password. (To go into more detail, I'd go so far as to present a few l33t5pe@k-ed randomized-with-entropy example passphrases at each step, though not actually putting anything into the password entry field. I'm a bit aggressive about pushing good passwords. Of course, that requires a largish spelling dictionary in the installer, to pull the random passphrases from. :-/) Anyway, I can see I've been reading the installer in the context of my opinions about the ideal minimum number of accounts. -- Joel Rees -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/caar43ipexcpxfmuugj4wpej3btl7zmee26fxboe7xriyhtg...@mail.gmail.com
Re: sudo questions
Joel Rees wrote: Maybe I need to file a feature request (for my own satisfaction, even if it gets rejected). What I lean towards is providing the installing user (1) the opportunity to set the root password, (2) the opportunity to set a separate admin account and password (member of sudo group on debian), and (3) the opportunity to set a separate non-admin work account and password. I know you would like the installer to do exactly what your custom strategy is for your system. But that is difficult. There are many custom strategies. For example I have my own things that I always customize when setting up a new system. Other people have other strategies. It is impossible to be the Univerial Operating System and make everyone happy. At least not all at the same time. If you target one particular strategy to the point of *exclusion* of others then the others are *NOT* happy. The best thing that the debian-installer can do is be a bootstrap tool that gets things going. It can be the lowest common denominator tool that starts the system off. After the system is installed then you as the administrator can customize it for your purposes. That is a good thing. What is even better is that if you desire you can customize the debian-installer to create your strategy at install time. I do this. Works great. However if you are only doing this once or twice it isn't work the effort. I set up a PXE boot and post-install customization scripts. All of my customization goes into those scripts. It is automated. But it needed me to write the scripts to be there. If you are only installing once or twice then it isn't work the effort to set up. Then it is easier just to do what you want manually. In your case install using the debian-installer. Set up a root password. Set up the user. All as guided by the debian-installer. Then after installation log in as root and create your administrator user. Assign them to the sudo group. # adduser admin # addgroup admin sudo And with that you will have your desired strategy all set up and running. Easy! Bob signature.asc Description: Digital signature
Re: sudo questions
On 8/19/13, Bob Proulx b...@proulx.com wrote: Joel Rees wrote: Maybe I need to file a feature request (for my own satisfaction, even if it gets rejected). What I lean towards is providing the installing user (1) the opportunity to set the root password, (2) the opportunity to set a separate admin account and password (member of sudo group on debian), and (3) the opportunity to set a separate non-admin work account and password. I know you would like the installer to do exactly what your custom strategy is for your system. But that is difficult. There are many custom strategies. For example I have my own things that I always customize when setting up a new system. Other people have other strategies. It is impossible to be the Univerial Operating System and make everyone happy. At least not all at the same time. If you Ahem! Debian IS! THE! Universal! Operating! System! /raucus applause Thank you everybody. Been a please talking tonight ... enjoy Debian. :) On a more hair splitting note, we could say it is Universal, at the price of being a little more generic sometimes than it could otherwise be. This is a positive note, since we are naming Debian as universal in more ways than one! Eg: - runs on every arch - runs all software - runs well on a very broad spectrum of resources - eg constrained - eg massive resources - runs in (almost) every way you'd like I mean, WOW! Fellow humans, this Debian thing is like OFF THE CHARTS! But of course, the set of (installation preferred default sets) +(menu options lists short enough to be sensible) +(reasonable installation image size) is perhaps the empty set. Oh well. Perhaps we should rename Debian The hopefully universal enough Operating System? :) Zenaan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAOsGNSSM2wifuHx+w0skxvA-=ad-x9r6x+ab6nqtpurjato...@mail.gmail.com
Re: sudo questions
In case you're still confused, I'll try a little more direct response. (Lots of informative responses in this thread, but I feel a blog coming on. The rant I wrote on this a long time ago needs updating.) On Wed, Aug 14, 2013 at 7:14 PM, François Patte francois.pa...@mi.parisdescartes.fr wrote: Bonjour, For some unknown reason I did not activate the root account during the installation. I activated it from a user account, say John Doe. johndoe sounds like a great name for an admin account. Much better than admin. But debian's installer tries to encourage the user to not enable root, and to set up a non-root administrator account instead. (That part needs a little work. I suppose I should make some time to come up with some patches to offer them.) Now John Doe can become root anytime and do anything on my machine. Well, yeah, that's what the primary admin account should be able to do. How can I deactivate this? man visudo and the related stuff. (But what's this thing with sudo-edit or something? And why, oh, why do they insist that pico should be the default editor for configuration files? Well, you may find pico more comfortable than vim. I don't. Vim is much more well-behaved when I'm editing configurations.) I have seen that John Doe is a member of almost all groups in /etc/group and /etc/gshadow... man adduser or maybe usermod or deluser. The interface looks a little clumsy for removing johndoe from all those groups, yes. Careful editing with vigr (with and without the -s option) may be quicker. Is there a simple method to remove John Doe from these files and are there other files to modify? It's going to be a little clumsy, take maybe ten minutes. But, but, but, ... Wait a minute! Now that I've told you how to figure out how to untangle johndoe from his admin privileges, do you really want to do that? Maybe you would prefer to make another non-admin account, and leave johndoe intact as your non-root admin account? (I and a number of other users here strongly encourage you to consider this. I'll try to blog about the reasons why sometime next week, but my blogs are not on the lists here, and you want answers now. Well, read the whole thread, the basic answers are pretty well covered, if not all in one place.) I asked a question about this inconvenience of the sudo way to activate root account: lightdm accepts to login root for a graphical session, I found a method to forbid this: add this line in /etc/pam.d/ligthdm: auth required pam_succeed_if.so user != root quiet Excellent idea. I don't understand this fashion: sudo and no root account It is the same under ubuntu. What for? The simple answer is that sudo allows more fine-grained control over what you allow administrator accounts to do. Along with that fine-grained control, it provides a bit more of a buffer between you and, say, rm -rf /*, or the even more evil version without the file glob. Even experienced admins find themselves trying to shoot themselves in the foot from time to time. Working as much as possible as a non-root user helps to prevent toes and whole legs from being blown off. So to speak. (My old rant suggested that installs should encourage setting up both a non-root admin and a non-admin user. I still think that's the best approach, but some of the devs think it just gets too much in the way.) Thanks. -- François Patte -- Joel Rees -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAAr43iPPByX1-HBOOntOx=oyooymsn4s9+xhkrn3xedoiu5...@mail.gmail.com
Re: sudo questions
On Sun 18 Aug 2013 at 03:12:39 +0900, Joel Rees wrote: But debian's installer tries to encourage the user to not enable root, No, it doesn't. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/17082013200133.40dadf8a9...@desktop.copernicus.demon.co.uk
Re: sudo questions
On Sun, 2013-08-18 at 03:12 +0900, Joel Rees wrote: johndoe sounds like a great name for an admin account. There's a Debian BSD port ;), so how about Charlie Root? [snip] too long, didn't read -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1376767523.687.51.camel@archlinux
Re: sudo questions
On Sun, Aug 18, 2013 at 4:03 AM, Brian a...@cityscape.co.uk wrote: On Sun 18 Aug 2013 at 03:12:39 +0900, Joel Rees wrote: But debian's installer tries to encourage the user to not enable root, No, it doesn't. Perhaps you would rather I said something like, it gives the option to establish an initial account and tells the person performing the install if root login is enabled, the initial account will not be an admin account, but if root login is disabled, the initial account will be a member of the sudo group and thus an admin account, and, by the way, you might prefer to not enable root login. Is that closer to what the installer does in your opinion? Other than issues of order and timing, the entire dialog not being present on any one screen, it seems pretty close to what I remember it telling me when I switched this netbook from Fedora 17 to Wheezy last week. Which was a little different from what the Squeeze installer did when I installed Squeeze on the tower about a year and a half ago. -- Joel Rees -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAAr43iPQW=opoaoorage2cx9x51wfgpkqeoij7y+gegutr5...@mail.gmail.com
Re: sudo questions
Le 15.08.2013 04:11, Richard Hector a écrit : By using su, with root's password, that means everyone who has root has full root and knows the same password, so that will have to be changed if they are to be blocked, which means communicating the new password to all the required users. I apologize, but I think that this statement about everyone with root access having the same password is wrong. You can just create an root account for every people with root access, giving them the ID 0 and you will not need to communicate highly sensitive passwords. Also, if we speak about high security or accounts ( which is something I will probably never have to work with ) , I think that if one day I have to administrate a server, I would try to rename root into something else. Why? Because everyone knows ( ok, every potential attacker ) the name of root, which means half the informations needed to login in it ( yes, I know that root passwords should be safe, but there are 2 ways to protect something: put it into a giant, unbreakable safe, or simply hiding it. Combining both seems always better to me. ) . Of course, I'm sure that this would imply to work around few things on usual systems... Well, I am not a sysadmin (and to be honest, most of my accounts are easy to stole, including the root password of my personal computers), so I might be wrong in some of my phrases. If so, please correct me. My 2 cents. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/6447dcff237b2377b292c7d7d860b...@neutralite.org
Re: sudo questions
On 8/16/2013 8:31 AM, berenger.mo...@neutralite.org wrote: Le 15.08.2013 04:11, Richard Hector a écrit : By using su, with root's password, that means everyone who has root has full root and knows the same password, so that will have to be changed if they are to be blocked, which means communicating the new password to all the required users. I apologize, but I think that this statement about everyone with root access having the same password is wrong. You can just create an root account for every people with root access, giving them the ID 0 and you will not need to communicate highly sensitive passwords. Which would be a major security risk. You do NOT want a bunch of ids with root privileges. Nor do you want anyone but the system administrator (and backup) to have full root access to the system. Also, if we speak about high security or accounts ( which is something I will probably never have to work with ) , I think that if one day I have to administrate a server, I would try to rename root into something else. Why? Because everyone knows ( ok, every potential attacker ) the name of root, which means half the informations needed to login in it ( yes, I know that root passwords should be safe, but there are 2 ways to protect something: put it into a giant, unbreakable safe, or simply hiding it. Combining both seems always better to me. ) . Of course, I'm sure that this would imply to work around few things on usual systems... I've worked with high security servers. Renaming root isn't really much added security. Rather, you need to prevent root from logging in remotely, which is quite easy to do. Once a user is logged in, they can use sudo or su to access additional privileges; these do not need to know the name of the root account. Preventing root login from remote systems is much more secure than renaming the account. Well, I am not a sysadmin (and to be honest, most of my accounts are easy to stole, including the root password of my personal computers), so I might be wrong in some of my phrases. If so, please correct me. My 2 cents. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/520e313b.1080...@attglobal.net
Re: sudo questions
Le 16.08.2013 16:03, Jerry Stuckle a écrit : On 8/16/2013 8:31 AM, berenger.mo...@neutralite.org wrote: Le 15.08.2013 04:11, Richard Hector a écrit : By using su, with root's password, that means everyone who has root has full root and knows the same password, so that will have to be changed if they are to be blocked, which means communicating the new password to all the required users. I apologize, but I think that this statement about everyone with root access having the same password is wrong. You can just create an root account for every people with root access, giving them the ID 0 and you will not need to communicate highly sensitive passwords. Which would be a major security risk. You do NOT want a bunch of ids with root privileges. Nor do you want anyone but the system administrator (and backup) to have full root access to the system. Why would it be worse than a shared admin account? For the shared account, I can easily understand why it's not something to do, but I can not see the problem with multiple root accounts? (I did not said that the admins should use them for daily tasks, just that it was possible to use that to avoid changing a password when someone lost his rights.) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/6df0ac16a76238e4986b4fa36b858...@neutralite.org
Re: sudo questions
On Fri, 2013-08-16 at 17:08 +0200, berenger.mo...@neutralite.org wrote: Why would it be worse than a shared admin account? For the shared account, I can easily understand why it's not something to do, but I can not see the problem with multiple root accounts? (I did not said that the admins should use them for daily tasks, just that it was possible to use that to avoid changing a password when someone lost his rights.) You give users the needed privileges, not more, not less. If a user should need full root access, then it's ok too, this user also could get the root password directly, since it anyway would be possible to change the root password by this user, but you unlikely will give several users those rights, since if you would do that, no admin is needed anymore. It's not only a security risk regarding to viruses, data piracy etc., but also a risk that too many admins could mess up the stability of the install. You need an admin and alternate admins and users usually don't need any kind of root privilege. Don't confuse our home machines with servers of large companies, at home we even don't need this level of security, resp. at home take care that nobody can use a live media and chroot your install, so for the paranoid home computer user, encrypt the drive, change your passwords 8 times a day etc. ;), even don't store your keys anywhere, learn more than 2048 numbers by heart and type the complete key each time you want to do something. IOW as long as somebody in your flat can turn on your machine and insert a live media, you don't need to take that much care about passwords, excepted of Internet security, such a machine can be hacked by going the chroot route. However, this su, sudo debate is nonsense. Don't confuse I'm accustomed too and would prefer with it's more or less secure. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1376667809.1734.22.camel@archlinux
Re: sudo questions
On 8/16/2013 11:08 AM, berenger.mo...@neutralite.org wrote: Le 16.08.2013 16:03, Jerry Stuckle a écrit : On 8/16/2013 8:31 AM, berenger.mo...@neutralite.org wrote: Le 15.08.2013 04:11, Richard Hector a écrit : By using su, with root's password, that means everyone who has root has full root and knows the same password, so that will have to be changed if they are to be blocked, which means communicating the new password to all the required users. I apologize, but I think that this statement about everyone with root access having the same password is wrong. You can just create an root account for every people with root access, giving them the ID 0 and you will not need to communicate highly sensitive passwords. Which would be a major security risk. You do NOT want a bunch of ids with root privileges. Nor do you want anyone but the system administrator (and backup) to have full root access to the system. Why would it be worse than a shared admin account? For the shared account, I can easily understand why it's not something to do, but I can not see the problem with multiple root accounts? (I did not said that the admins should use them for daily tasks, just that it was possible to use that to avoid changing a password when someone lost his rights.) It is that many more accounts with root access that can be broken into, and you have to protect against hackers. You should only have two (in large shops maybe 3) people with full root access - that admin and his/her backup(s). Then you prevent 'root' from being logged into remotely. Finally, you give people with the need for *some* special access limited access to those resources. It is far safer for those two or three who need root access to log in with their own id then su to get to root. Please read up on system administration and linux security in general. Properly securing a system is a systematic process with lots of things to consider. It is not something you can learn in a few usenet messages. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/520e4a2e.9060...@attglobal.net
Re: sudo questions
Le 16.08.2013 17:43, Ralf Mardorf a écrit : On Fri, 2013-08-16 at 17:08 +0200, berenger.mo...@neutralite.org wrote: Why would it be worse than a shared admin account? For the shared account, I can easily understand why it's not something to do, but I can not see the problem with multiple root accounts? (I did not said that the admins should use them for daily tasks, just that it was possible to use that to avoid changing a password when someone lost his rights.) You give users the needed privileges, not more, not less. If a user should need full root access, then it's ok too, this user also could get the root password directly, since it anyway would be possible to change the root password by this user, but you unlikely will give several users those rights, since if you would do that, no admin is needed anymore. It's not only a security risk regarding to viruses, data piracy etc., but also a risk that too many admins could mess up the stability of the install. You need an admin and alternate admins and users usually don't need any kind of root privilege. I did not mention giving root privileges for all users, but Richard Hector said that one of su's problems was that every admin would need to know the same password, and that if one of them must lost his rights, the new password should be given to all remaining admins. So I said that this was wrong, since it is possible to have more than one admin account. I did not said that those admin accounts should be used for daily tasks. About having only one admin... I think the best is to have 2, because what will happen if one have can not connect when there is a problem? So, imho, sudo to make multiple full admins is not better than su. For partial admin rights, sudo have the advantage of better granularity, but, as few people said, I think that a normal user's password is ( or should be ) more easily stolen than the root password, since this last one should be used only with special care. But this can be configured, I guess. I do not really mind, since I do not need sudo. Don't confuse our home machines with servers of large companies, at home we even don't need this level of security, resp. at home take care that nobody can use a live media and chroot your install, so for the paranoid home computer user, encrypt the drive, change your passwords 8 times a day etc. ;), even don't store your keys anywhere, learn more than 2048 numbers by heart and type the complete key each time you want to do something. IOW as long as somebody in your flat can turn on your machine and insert a live media, you don't need to take that much care about passwords, excepted of Internet security, such a machine can be hacked by going the chroot route. Of course. My user password is a very short one here, I would never use it for real business. My root pass on the other hand should give some problems to an attacker, and the password of that mail address is even stronger ( it's easier and more useful to target my mail provider than my desktop, and since I use su quite often - updates, playing with funny commands - I prefer an average password easy to write ) However, this su, sudo debate is nonsense. Don't confuse I'm accustomed too and would prefer with it's more or less secure. I agree. The problem is rarely the tools, it's how they are used ( I think the best example on that are Windows' antiviruses and firewalls, which are only burning resources and money for nothing depending on the user ) . My first intervention was to fix someone which said that root accounts are unique, with all the problems implied by shared accounts ( password communication, lacks of identification of who made what... ). Then, a real admin replied, so I took the occasion to learn and understand few more things, even if I do not apply them at home: maybe I'll have to manage a server one day, so any knowledge is good to take :) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/2e97c977884c00f7ef23752e3d6c5...@neutralite.org
Re: sudo questions
Le 16.08.2013 17:50, Jerry Stuckle a écrit : On 8/16/2013 11:08 AM, berenger.mo...@neutralite.org wrote: Le 16.08.2013 16:03, Jerry Stuckle a écrit : On 8/16/2013 8:31 AM, berenger.mo...@neutralite.org wrote: Le 15.08.2013 04:11, Richard Hector a écrit : By using su, with root's password, that means everyone who has root has full root and knows the same password, so that will have to be changed if they are to be blocked, which means communicating the new password to all the required users. I apologize, but I think that this statement about everyone with root access having the same password is wrong. You can just create an root account for every people with root access, giving them the ID 0 and you will not need to communicate highly sensitive passwords. Which would be a major security risk. You do NOT want a bunch of ids with root privileges. Nor do you want anyone but the system administrator (and backup) to have full root access to the system. Why would it be worse than a shared admin account? For the shared account, I can easily understand why it's not something to do, but I can not see the problem with multiple root accounts? (I did not said that the admins should use them for daily tasks, just that it was possible to use that to avoid changing a password when someone lost his rights.) It is that many more accounts with root access that can be broken into, and you have to protect against hackers. Now I see the point, thanks. You should only have two (in large shops maybe 3) people with full root access - that admin and his/her backup(s). Then you prevent 'root' from being logged into remotely. Finally, you give people with the need for *some* special access limited access to those resources. I see. So here I can see why to use sudo, for it's granularity for servers. I have no idea if such granularity could be made with su (maybe with groups I guess, but it would be limited to files, so would be useless for root programs). It is far safer for those two or three who need root access to log in with their own id then su to get to root. Given that Debian does it (forbid remote root access) and that I am always use su locally, I already do that. Happy to learn that it's a good thing. Please read up on system administration and linux security in general. Properly securing a system is a systematic process with lots of things to consider. It is not something you can learn in a few usenet messages. Of course, I can not learn such a complex thing just by few messages. I simply took the occasion to learn and understand one thing. I do not really have the time to learn system security, I still have a lot of things to learn about programming, which is my job (without speaking about simple system maintenance and/or the use of tools I can discover at random through aptitude. I still feel like a newbie despite my years of using debian...). But it does not means that I limit my curiosity to programming... after all, how could someone write a good program if he only knows programming? I like to say that the main programmers' qualities are curiosity and laziness, which are usually considered being problems ;) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/393587fb17755ca06382a7c627a51...@neutralite.org
Re: sudo questions
You can set up a root account, but you anyway shouldn't run X sessions as root. The Debian on my machine and all Debian installs I ever used had a root account by default, but sudo wasn't enabled. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1376477384.1751.78.camel@archlinux
Re: sudo questions
On Wed, 2013-08-14 at 12:49 +0200, Ralf Mardorf wrote: You can set up a root account, but you anyway shouldn't run X sessions as root. The Debian on my machine and all Debian installs I ever used had a root account by default, but sudo wasn't enabled. Oops, pushed the wrong button, I wanted to save and not to send the email. https://wiki.debian.org/sudo [rocketmouse@archlinux ~]$ gpasswd --help Usage: gpasswd [option] GROUP Options: -d, --delete USER remove USER from GROUP Note that some distros or perhaps desktop environments have more security barriers that cause issues, for some X applications you need to run gksu, gksudo or kdesu, while for other distros there quasi is nothing set up by default, you have to set up everything regarding to accounts yourself, Arch Linux is one of those distros. http://www.thegeekstuff.com/2009/09/ubuntu-tips-how-to-login-using-su-command-su-gives-authentication-failure-error-message/ Regards, Ralf -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1376478036.1751.87.camel@archlinux
Re: sudo questions
On Wed, Aug 14, 2013 at 12:14:47PM +0200, François Patte wrote: Bonjour, For some unknown reason I did not activate the root account during the installation. I activated it from a user account, say John Doe. Now John Doe can become root anytime and do anything on my machine. How can I deactivate this? I have seen that John Doe is a member of almost all groups in /etc/group and /etc/gshadow... Is there a simple method to remove John Doe from these files and are there other files to modify? Check /etc/sudoers and /etc/sudoers.d/*. If you have a line like: %sudo ALL=(ALL:ALL) ALL then removing John Doe from the 'sudo' group should be enough (assuming, of course no other line allows him access). Otherwise, you'll have to look at other lines and see if any of them allow John Doe access and remove them. Use visudo as root to edit these files - it'll syntax check before saving. I asked a question about this inconvenience of the sudo way to activate root account: lightdm accepts to login root for a graphical session, I found a method to forbid this: add this line in /etc/pam.d/ligthdm: auth required pam_succeed_if.so user != root quiet I don't understand this fashion: sudo and no root account It is the same under ubuntu. What for? I believe the idea is to discourage people from logging in as root. You can't get rid of root completely (any user with an ID of 0 is root), nor would you want to. But there have been many a horror story of people logging in as a super-user (either Root on Linux or Adminstrator on Windows) for day-to-day work - perhaps to work around some permissions issue or something. 'sudo' is preferred over 'su' because A) it allows for better control of who can do what - if you want a user to be able to run 'foo' as root without being asked for their password, you can do that B) the simple interface (just adding one keyword before a command line) encourages users to run JUST ONE command as root - 'su' makes it all too easy to switch to a root shell and forget to switch back. Now, I don't believe there's been any active discouragement of doing things 'the old way'. It's just that, as linux becomes more popular, it needs to become more 'user friendly' - and that means robustness against user folly. signature.asc Description: Digital signature
Re: sudo questions
Le 14/08/2013 14:44, Darac Marjal a écrit : On Wed, Aug 14, 2013 at 12:14:47PM +0200, François Patte wrote: Bonjour, For some unknown reason I did not activate the root account during the installation. I activated it from a user account, say John Doe. Now John Doe can become root anytime and do anything on my machine. How can I deactivate this? I have seen that John Doe is a member of almost all groups in /etc/group and /etc/gshadow... Is there a simple method to remove John Doe from these files and are there other files to modify? Check /etc/sudoers and /etc/sudoers.d/*. If you have a line like: %sudo ALL=(ALL:ALL) ALL then removing John Doe from the 'sudo' group should be enough (assuming, of course no other line allows him access). Thanks. That was my first idea and I checked this file; unfortunately, there is no mention of John Doe in the sudoers file That's why I checked group and gshadow files to discover that John doe was a member of many groups And I wonder how to correct this in one or two commands... It seems that I have to do the job group after group I asked a question about this inconvenience of the sudo way to activate root account: lightdm accepts to login root for a graphical session, I found a method to forbid this: add this line in /etc/pam.d/ligthdm: auth required pam_succeed_if.so user != root quiet I don't understand this fashion: sudo and no root account It is the same under ubuntu. What for? I believe the idea is to discourage people from logging in as root. You can't get rid of root completely (any user with an ID of 0 is root), nor would you want to. But there have been many a horror story of people logging in as a super-user (either Root on Linux or Adminstrator on Windows) for day-to-day work - perhaps to work around some permissions issue or something. This is the responsability of every person installing an os on a computer, I don't understand why conceptors of a distro would take in charge mistakes done by users... We can all see this warning: don't work as root on a computer! That should be enough. 'sudo' is preferred over 'su' because A) it allows for better control of who can do what - if you want a user to be able to run 'foo' as root without being asked for their password, you can do that B) the simple interface (just adding one keyword before a command line) encourages users to run JUST ONE command as root - 'su' makes it all too easy to switch to a root shell and forget to switch back. I think that sudo system is less secure than the old system root account. 1) Anybody with sudo root permission (as it is the case for the first person using sudo after an installation) can do sudo bash and he can run as many commands as he wants as root. 2) John Doe's password on the system may be cracked more easily than root's password because John Doe will certainly make internet connections and during such a connection his password can be intercepted; root on a machine has no reason to connect as root to a remote system. So anyone catching John doe password can logon as root on a system and compromise it. As for the fact that if you use su - you could forget that you have done that, but A) the prompt displays a # and not a $ B) it is easy to modify the bash prompt to make it red (for instance) for the root account. Moeover, by default on my debian install, I could see that root login through ssh is allowed: is it really the default configuration? -- François Patte UFR de mathématiques et informatique Laboratoire CNRS MAP5, UMR 8145 Université Paris Descartes 45, rue des Saints Pères F-75270 Paris Cedex 06 Tél. +33 (0)1 8394 5849 http://www.math-info.univ-paris5.fr/~patte signature.asc Description: OpenPGP digital signature
Re: sudo questions
Hello, On 14/08/13 15:30, François Patte wrote: Moeover, by default on my debian install, I could see that root login through ssh is allowed: is it really the default configuration? Yeap ! For details, read the subsection `PermitRootLogin set to yes' in the first section of /usr/share/doc/openssh-server/README.Debian.gz hth, Jerome -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/520b93ae.3060...@rezozer.net
Re: sudo questions
On 8/14/2013 8:44 AM, Darac Marjal wrote: I believe the idea is to discourage people from logging in as root. You can't get rid of root completely (any user with an ID of 0 is root), nor would you want to. But there have been many a horror story of people logging in as a super-user (either Root on Linux or Adminstrator on Windows) for day-to-day work - perhaps to work around some permissions issue or something. 'sudo' is preferred over 'su' because A) it allows for better control of who can do what - if you want a user to be able to run 'foo' as root without being asked for their password, you can do that B) the simple interface (just adding one keyword before a command line) encourages users to run JUST ONE command as root - 'su' makes it all too easy to switch to a root shell and forget to switch back. Now, I don't believe there's been any active discouragement of doing things 'the old way'. It's just that, as linux becomes more popular, it needs to become more 'user friendly' - and that means robustness against user folly. I agree in principle that sudo is better then su. The problem I have with it is security; when you use sudo you type in your own password. So if your password is compromised, the hacker can do anything the sudo user can do - which may be very bad. For instance, I'm the sysadmin on my VPS's. root is blocked from logging in. However, as sysadmin I need access to pretty much everything at some time or another. If I allow my id to have sudo access to everything and someone gets my password, then they can really screw up the system. However, when I use su, I need to key in the root password before doing anything. This adds another layer of security to the system. But obviously I don't want to give out the root password to others. What I would like to see is the option to require users to have a second password (neither their login nor root password) to use sudo. I know it's another password - but as an option it would increase security. Jerry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/520b95e5.3080...@attglobal.net
Re: sudo questions
On 14.08.2013 17:36, Jerry Stuckle wrote: I agree in principle that sudo is better then su. The problem I have with it is security; when you use sudo you type in your own password. So if your password is compromised, the hacker can do anything the sudo user can do - which may be very bad. [snip] One way around that is to not use the administrator's account for your daily tasks. Make a separate account without such privileges for daily use and only use the other one when you actually need root privileges. Regards, /Lars -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/520b96e5.3080...@gmail.com
Re: sudo questions
root usually does connect to the Internet too, e.g. to run apt, ntp, etc. pp., even the internet connection for the user has to be established by root, maybe not by a human being, but at least e.g. on startup automatically. You don't have to give a user special permissions, it's the admin's task to set up what permissions a user should get. Btw. there is no old vs a new system. There is no Linux default for this, you're simply accustomed to use a default of some distros. Your words: This is the responsability of every person installing an os ;) It's your self-responsibility to set up this things yourself. Because not everybody is able to do this, at least newbies usually aren't able to do it, so there are distros that come with default settings, X and a desktop environment. This has got advantages and disadvantages. If you don't like it this way, directly make a minimal install and set up everything yourself. 2 Cents, Ralf -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1376495998.18169.13.camel@archlinux
Re: sudo questions
On Wed, 2013-08-14 at 10:36 -0400, Jerry Stuckle wrote: However, when I use su, I need to key in the root password before doing anything. This adds another layer of security to the system. He? Than configure sudo to ask for the password too. [rocketmouse@archlinux ~]$ sudo mcedit [sudo] password for rocketmouse: [rocketmouse@archlinux ~]$ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1376496246.18169.15.camel@archlinux
Re: sudo questions
On 8/14/2013 12:04 PM, Ralf Mardorf wrote: On Wed, 2013-08-14 at 10:36 -0400, Jerry Stuckle wrote: However, when I use su, I need to key in the root password before doing anything. This adds another layer of security to the system. He? Than configure sudo to ask for the password too. [rocketmouse@archlinux ~]$ sudo mcedit [sudo] password for rocketmouse: [rocketmouse@archlinux ~]$ Yes, but it's the same password as the user used to log in. Not much security if that password is compromised. With su, they need to also know the root password to get root access. Jerry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/520bae97.7010...@attglobal.net
Re: sudo questions
On 8/14/2013 10:40 AM, Lars Noodén wrote: On 14.08.2013 17:36, Jerry Stuckle wrote: I agree in principle that sudo is better then su. The problem I have with it is security; when you use sudo you type in your own password. So if your password is compromised, the hacker can do anything the sudo user can do - which may be very bad. [snip] One way around that is to not use the administrator's account for your daily tasks. Make a separate account without such privileges for daily use and only use the other one when you actually need root privileges. Regards, /Lars Lars, That's a nice thought. However, about the only time I log onto these VPS's is to perform administrative tasks. I don't use them for daily tasks. And even if I did, I still have the problem of having an account with a single password to get root access. I do, BTW, have different accounts for email, sftp, etc. - none of which can ssh into the server. Jerry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/520bae88.7000...@attglobal.net
Re: sudo questions
On Wed, 14 Aug 2013 12:21:43 -0400 Jerry Stuckle jstuc...@attglobal.net wrote: On 8/14/2013 12:04 PM, Ralf Mardorf wrote: On Wed, 2013-08-14 at 10:36 -0400, Jerry Stuckle wrote: However, when I use su, I need to key in the root password before doing anything. This adds another layer of security to the system. He? Than configure sudo to ask for the password too. [rocketmouse@archlinux ~]$ sudo mcedit [sudo] password for rocketmouse: [rocketmouse@archlinux ~]$ Yes, but it's the same password as the user used to log in. Not much security if that password is compromised. With su, they need to also know the root password to get root access. You might create another user with high sudo privileges, and the third password, and su to that user from your login account. su isn't only for root access. Put the new user in the adm group, and you can read (but not write) most logs without further privilege. It's not much different from su to root, but it has the sudo advantages of time-expiring the password and of being required for each command. You could for that matter sudo from your login account to the new account, needing the new password, without using su, but this will make every sudo command longer, and we don't need that. Also, sudo can require the root password instead of the user's, but I'm fairly sure this is global, and can't be specified per user or per command in a multi-user system. I won't swear to that, sudo has been seriously revamped recently, and I haven't had to deal with it since then other than fixing it when it broke. It does also have the capability of using other authentication methods, but this is well beyond my needs. -- Joe -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130814200308.674fb...@jretrading.com
Re: sudo questions
Jerry Stuckle wrote: Darac Marjal wrote: I believe the idea is to discourage people from logging in as root. I think it is more one of trying to simplify things for the non-technical user. Having non-technical users deal with one password is hard. Having non-technical users deal with two passwords, one low privilege and one high privilege is very hard. My personal experience comes from dealing with electrical engineers (like me) and ham radio operators (like me) and no one is more surprised than myself about how difficulit teaching those concepts to otherwise very smart people can be. Now, I don't believe there's been any active discouragement of doing things 'the old way'. It's just that, as linux becomes more popular, it needs to become more 'user friendly' - and that means robustness against user folly. Full agreement. I think you hit the nail squarely on the head there. I agree in principle that sudo is better then su. It isn't better. It isn't worse. Using su means one strategy. Using sudo means using a different strategy. They are both rather equivalent. However managing passwords with sudo is somewhat easier in many context such as newbies (only one) and such as group administration (tied to the user). With su and five admins and one leaves then you change the root password and you must distribute the new root password to all admins. With sudo when one admin leaves you simply remove that admin from the sudo list. Personally I prefer ssh rsa keys. It is yet a different security model. No one model is canonically correct or incorrect. They are simply different security models. The problem I have with it is security; when you use sudo you type in your own password. So if your password is compromised, the hacker can do anything the sudo user can do - which may be very bad. There is always going to be some magic cookie that is needed. It is either going to be your password, or root's password, or an ssh rsa key for login, or a one-time-token device, or something. Even a biometric. There is always some critical authentication step. You can move that step around. You can create additional layers such as needing multiple account su stepping. But there will always be a critical section where you can point and say that is the line between low and high privilege. For instance, I'm the sysadmin on my VPS's. root is blocked from logging in. However, as sysadmin I need access to pretty much everything at some time or another. If I allow my id to have sudo access to everything and someone gets my password, then they can really screw up the system. However, when I use su, I need to key in the root password before doing anything. This adds another layer of security to the system. But obviously I don't want to give out the root password to others. But if someone were to put a key logger on your machine they would easily have both. (said mischievously) What I would like to see is the option to require users to have a second password (neither their login nor root password) to use sudo. I know it's another password - but as an option it would increase security. After working with users often I think that is impractical. People are not good at that type of thing. Therefore it is an impractical default for a distro. However you can easily set this up yourself. You can create as many account layers as you desire. I personally do not think this increases security. It definitely increases annoyance! But simply create an intermediate user account. Then allow the 3rd tier accounts to sudo only to the 2nd tier account. Then only allow the 2nd tier account to sudo to root. You may daisy chain as many accounts as you want creating as many password levels as you desire. user1@sys:~$ sudo -u user2 sudo command user1@sys:~$ alias sudo2='sudo -u user2 sudo' user1@sys:~$ sudo2 command Bob signature.asc Description: Digital signature
Re: sudo questions
On Wed, 2013-08-14 at 20:03 +0100, Joe wrote: it has the sudo advantages [snip] of being required for each command. That's not true and it would be a disadvantage. [rocketmouse@archlinux ~]$ su Password: [root@archlinux rocketmouse]# exit [rocketmouse@archlinux ~]$ sudo -i [sudo] password for rocketmouse: [root@archlinux ~]# Take a look at sudo's manpage. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1376513254.5135.8.camel@archlinux
Re: sudo questions
An advantage of sudo: [rocketmouse@archlinux ~]$ su -c mcedit /etc/fstab su: user /etc/fstab does not exist [rocketmouse@archlinux ~]$ su -c mcedit /etc/fstab Password: [rocketmouse@archlinux ~]$ sudo mcedit /etc/fstab [sudo] password for rocketmouse: If you work much with command line as user and you only need sometimes root privileges, then the quotation marks needed by su can become very annoying, as soon as there follows a little bit more than just /etc/fstab after the command. FWIW you can have su always asking for a password and at the same time gksu that will remember the password and also ask for the root password, but only one time, not when you use it again and again during a session. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1376514439.5135.15.camel@archlinux
Re: sudo questions
On 15/08/13 01:30, François Patte wrote: I think that sudo system is less secure than the old system root account. 1) Anybody with sudo root permission (as it is the case for the first person using sudo after an installation) can do sudo bash and he can run as many commands as he wants as root. Not necessarily true. You can set up users with permission to run specific commands, and decide whether or not they will need to enter their password. 2) John Doe's password on the system may be cracked more easily than root's password because John Doe will certainly make internet connections and during such a connection his password can be intercepted; root on a machine has no reason to connect as root to a remote system. So anyone catching John doe password can logon as root on a system and compromise it. By internet connections, you mean ssh? If you use ssh keys, none of that can be intercepted. Even if you use a password with ssh, your password is not transmitted in the clear. If you're using that password for things like website logins, that's another issue that needs addressing. By using su, with root's password, that means everyone who has root has full root and knows the same password, so that will have to be changed if they are to be blocked, which means communicating the new password to all the required users. I don't like having any password shared between multiple people. The only reason for having a root password is for emergency logins on the console, when everything else is broken. For that, the root password is on paper, locked in a safe. Sudo is much simpler/better for general use IMHO. Richard -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/520c38c2.70...@walnut.gen.nz