On Wed, 18 Dec 13, 13:11:30, Tom H wrote:
>
> At home, people can run "sudo bash" (or more appropriately, "sudo -s"
> or "sudo -i") but we can't do that at my current job or other at my
> previous jobs.
Is this requirement for logging purposes?
Kind regards,
Andrei
--
http://wiki.debian.org/FAQs
On Sat, Dec 14, 2013 at 10:25 AM, Gian Uberto Lauri
wrote:
>> On 14/Dec/2013, at 09:09, Nemeth Gyorgy wrote:
>> On 2013-12-13 17:22, John Hasler wrote:
...must have successfully authenticated
to execute a sudo command once
>>>
>>> Within the last 15 minutes.
>>
>> ... from
On Fri, Dec 13, 2013 at 4:50 PM, Gian Uberto Lauri wrote:
> Tom H writes:
>> In the corporate environments where I work, we are about 70 sysadmins
>> in my location and about half as much in another. We all sudo to root
>> on our more or less 11,000 systems. So by your reckoning we have 100
>> c
On Mon, Dec 16, 2013 at 7:40 PM, Gian Uberto Lauri wrote:
> Joel Rees writes:
> > On Wed, Dec 11, 2013 at 5:39 PM, Gian Uberto Lauri wrote:
> > > [...]
> > > Maybe I failed expressing that I am not completely against sudo, there
> > > are several good sudo usages and even "caching" the authen
On Wed, Dec 11, 2013 at 8:28 PM, Chris Bannister
wrote:
> On Tue, Dec 10, 2013 at 11:50:00PM +0100, Gian Uberto Lauri wrote:
>>
>> What makes root special is not the name but the numerical user id and group
> id, both set to zero. See /etc/passwd.
>
> Don't you have to be logged in to do that?
S
Joel Rees writes:
> On Wed, Dec 11, 2013 at 5:39 PM, Gian Uberto Lauri wrote:
> > [...]
> > Maybe I failed expressing that I am not completely against sudo, there
> > are several good sudo usages and even "caching" the authentication has
> > its very legitimate uses, and the -k and -K flags h
On Wed, Dec 11, 2013 at 5:39 PM, Gian Uberto Lauri wrote:
> [...]
> Maybe I failed expressing that I am not completely against sudo, there
> are several good sudo usages and even "caching" the authentication has
> its very legitimate uses, and the -k and -K flags help a lot in this,
> even if some
On Wed, Dec 11, 2013 at 02:13:18PM +0100, Gian Uberto Lauri wrote:
> Chris Bannister writes:
>
> > This is in a tty, so don't know what will happen in an xterm or other
> > virtual terminal.
>
> The virtual terminals usually honour ANSI escape sequences. For sure
> xterm, the rxvt family and th
The same terminal or the same shell?
--
Gian Uberto Lauri
Message sent from a tablet
> On 14/Dec/2013, at 09:09, Nemeth Gyorgy wrote:
>
> On 2013-12-13 17:22, John Hasler wrote:
>>> ...must have successfully authenticated
>>> to execute a sudo command once
>>
>> Within the last 15
On 2013-12-13 17:22, John Hasler wrote:
>> ...must have successfully authenticated
>> to execute a sudo command once
>
> Within the last 15 minutes.
... from the same terminal. Don't forget this criterion because it is
important.
--
--- Friczy ---
'Death is not a bug, it's a feature'
Tom H writes:
> On Thu, Dec 12, 2013 at 9:40 AM, Gian Uberto Lauri wrote:
> > Bob Proulx writes:
> >>
> >> Right. Because normal users can't change the system time.
> >
> > Sorry, wrong. With 'folk ALL=(ALL) ALL', user folk can run as root ANY
> > program including 'date -s'. Or at least '
Tom H writes:
> In the corporate environments where I work, we are about 70 sysadmins
> in my location and about half as much in another. We all sudo to root
> on our more or less 11,000 systems. So by your reckoning we have 100
> critical accounts but that's not how our internal and external
Tom H writes:
> ...must have successfully authenticated
> to execute a sudo command once
Within the last 15 minutes.
> ...and it must be possible for users to modify the system time without
> entering a password."
Which is, of course, not the case on Debian.
--
John Hasler
jhas...@newsguy.com
On Thu, Dec 12, 2013 at 9:40 AM, Gian Uberto Lauri wrote:
> Bob Proulx writes:
>>
>> Right. Because normal users can't change the system time.
>
> Sorry, wrong. With 'folk ALL=(ALL) ALL', user folk can run as root ANY
> program including 'date -s'. Or at least 'sudo bash', and then live
> happy w
On Wed, Dec 11, 2013 at 10:56 PM, Ralf Mardorf
wrote:
>
> http://www.paritynews.com/2013/03/05/762/sudo-authentication-bypass-vulnerability-emerges/
>
> But note! The Chaos Computer Club does publish howtos using sudo on
> Linux: http://muc.ccc.de/uberbus:ubd
>
> I don't think the Chaos Computer C
On Tue, Dec 10, 2013 at 7:59 AM, Gian Uberto Lauri wrote:
> Tom H writes:
>> On Mon, Dec 9, 2013 at 8:09 AM, Gian Uberto Lauri wrote:
>>> If some users needed to have the root power for a small set of
>>> operation, then sudo would give them that exact power, no more no
>>> less.
>>>
>>> What
Bob Proulx writes:
> Gian Uberto Lauri wrote:
> > Bob Proulx writes:
> > > How would this be accomplished? (Answer cannot contain a use of sudo!
> > > No circular logic please.)
> > > ...
> > > Right. Because normal users can't change the system time.
> >
> > Sorry, wrong. With 'folk A
Gian Uberto Lauri wrote:
> Bob Proulx writes:
> > How would this be accomplished? (Answer cannot contain a use of sudo!
> > No circular logic please.)
> > ...
> > Right. Because normal users can't change the system time.
>
> Sorry, wrong. With 'folk ALL=(ALL) ALL', user folk can run as root AN
On Thu, 2013-12-12 at 22:14 +0900, Osamu Aoki wrote:
> 'sudo sh' is as easy on finger (no shift) and does not feel as bad.
Doesn't it have any side-effects?
I wonder about the prompt of an Arch Linux install.
[rocketmouse@archlinux ~]$ ls -l /bin/sh
lrwxrwxrwx 1 root root 4 Aug 25 14:06 /bin/sh
On Thu, 12 Dec 2013 22:14:50 +0900
Osamu Aoki wrote:
> On Sun, Dec 08, 2013 at 09:09:53PM -0500, Neal Murphy wrote:
> > On Sunday, December 08, 2013 07:27:41 PM Andrei POPESCU wrote:
> > > On Sun, 08 Dec 13, 19:14:49, Neal Murphy wrote:
> > > > For me, I usually set up 'sudo su'
> > >
> > > sudo
On Sun, Dec 08, 2013 at 09:09:53PM -0500, Neal Murphy wrote:
> On Sunday, December 08, 2013 07:27:41 PM Andrei POPESCU wrote:
> > On Sun, 08 Dec 13, 19:14:49, Neal Murphy wrote:
> > > For me, I usually set up 'sudo su'
> >
> > sudo has the '-s' and '-i' switches, why mix with 'su'?
> >
> > Kind re
On 12/12/13 11:43, Gian Uberto Lauri wrote:
Iain M Conochie writes:
> > I got it about 20 years ago. Is it enough?
> Maybe - just maybe ;)
Indeed, never be sure! :)
> > You say it. It is not bullet proof. The bullet has already pierced the
> > target once. Therefore it may happen again
Iain M Conochie writes:
> > I got it about 20 years ago. Is it enough?
> Maybe - just maybe ;)
Indeed, never be sure! :)
> > You say it. It is not bullet proof. The bullet has already pierced the
> > target once. Therefore it may happen again.
> May - but not assured.
Indeed. You usually p
On 12/12/13 08:20, Gian Uberto Lauri wrote:
Iain M Conochie writes:
> On 11/12/13 08:01, Gian Uberto Lauri wrote:
> > > Encrypt your hard disk.
> >
> > Hoping that the encryption you use has no backdoor.
> You do understand what the peer review process is right?
I got it about 20 yea
On Thu, 2013-12-12 at 10:40 +0100, Gian Uberto Lauri wrote:
> sudo date 2101
>
> and feel younger ;)
That's a shoddy trick. I always wonder about that man:
"Foreman said he had no plans to resume his career as a boxer, but then
announced in February 2004 that he was training for one more com
Bob Proulx writes:
> Right. Because normal users can't change the system time.
Sorry, wrong. With 'folk ALL=(ALL) ALL', user folk can run as root ANY
program including 'date -s'. Or at least 'sudo bash', and then live
happy with a shell executed with the root id.
If your /etc/sudoers contains
Ralf Mardorf writes:
> http://www.paritynews.com/2013/03/05/762/sudo-authentication-bypass-vulnerability-emerges/
The attack described in the post is the kind of hijack I thought
about.
> But note! The Chaos Computer Club does publish howtos using sudo on
> Linux: http://muc.ccc.de/uberbus:ubd
Iain M Conochie writes:
> On 11/12/13 08:01, Gian Uberto Lauri wrote:
> > > Encrypt your hard disk.
> >
> > Hoping that the encryption you use has no backdoor.
> You do understand what the peer review process is right?
I got it about 20 years ago. Is it enough?
> Although not a
> magic
Ralf Mardorf writes:
> On Wed, 2013-12-11 at 15:33 +0100, Gian Uberto Lauri wrote:
> > > You need to inform yourself, to know that there's a callback for
> > > the danger to life baby bottle.
> >
> > Ouch, InsufficentEnglishSkillException! Could you help me please :)
>
> Assumed a bab
Ralf Mardorf wrote:
> http://www.paritynews.com/2013/03/05/762/sudo-authentication-bypass-vulnerability-emerges/
In the article:
... it must be possible for users to modify the system time without
entering a password.
How would this be accomplished? (Answer cannot contain a use of sudo!
No
http://www.paritynews.com/2013/03/05/762/sudo-authentication-bypass-vulnerability-emerges/
But note! The Chaos Computer Club does publish howtos using sudo on
Linux: http://muc.ccc.de/uberbus:ubd
I don't think the Chaos Computer Club folks would write a howto using
sudo, if sudo would be a securi
On Wed 11 Dec 2013 at 21:04:48 +0100, Gian Uberto Lauri wrote:
> Gentleman, the exploits are unknown to you, not to the black market
> that supplies those investing in "not perfectly legitimate software".
> Should I quote stuxnet one more time or you took the time to read how
> it reached its not
On 11/12/13 08:01, Gian Uberto Lauri wrote:
> Encrypt your hard disk.
Hoping that the encryption you use has no backdoor.
You do understand what the peer review process is right? Although not a
magic bullet, it can help weed this out.
Choose a *very* good password.
For the encryption, I
Gentleman, the exploits are unknown to you, not to the black market that
supplies
those investing in "not perfectly legitimate software". Should I quote stuxnet
one more time or you took the time to read how it reached its
not-network-connected intended targets?
--
Gian Uberto Lauri
Messaggi
On Wed, 2013-12-11 at 15:33 +0100, Gian Uberto Lauri wrote:
> > You need to inform yourself, to know that there's a callback for
> > the danger to life baby bottle.
>
> Ouch, InsufficentEnglishSkillException! Could you help me please :)
Assumed a baby bottle does poison the milk, because the
On Wed 11 Dec 2013 at 09:11:56 +0100, Gian Uberto Lauri wrote:
> Brian writes:
>
> > We do not worry about serious, unpublicised exploits. Their existence is
> > of little consequence for your argument as your "attackers" would not
> > know about them.
>
> Are you kidding?
About attackers bei
Ralf Mardorf writes:
> On Wed, 2013-12-11 at 14:07 +0100, Gian Uberto Lauri wrote:
> > It happens that appliances are called back by manufacturers due to safety
> > issues.
>
> Debian and other distros provide security updates _and_ much more
> important, analog to a product callback, homepages
On Wed, 2013-12-11 at 14:07 +0100, Gian Uberto Lauri wrote:
> It happens that appliances are called back by manufacturers due to safety
> issues.
Debian and other distros provide security updates _and_ much more
important, analog to a product callback, homepages with news about the
distro. You need t
Chris Bannister writes:
> This is in a tty, so don't know what will happen in an xterm or other
> virtual terminal.
The virtual terminals usually honour ANSI escape sequences. For sure
xterm, the rxvt family and the libvte-based ones do.
But with virtual terminals you can do something like hav
Ralf Mardorf writes:
> On Wed, 2013-12-11 at 09:39 +0100, Gian Uberto Lauri wrote:
> > Let's suppose that Debian+Ubuntu get the largest share of the
> > installed end user desktops.
>
> The tendency is that seemingly newbies start using pre-built Linux
> environments and use Linux as they wo
Chris Bannister writes:
> On Tue, Dec 10, 2013 at 11:50:00PM +0100, Gian Uberto Lauri wrote:
> >
> > What makes root special is not the name but the numerical user id and
> > group id, both set to zero. See /etc/passwd.
>
> Don't you have to be logged in to do that?
Gentleman???
I was si
On Tue, Dec 10, 2013 at 11:11:34PM +, Lisi Reisz wrote:
> On Tuesday 10 December 2013 06:39:17 Tom H wrote:
> > You can't trust yourself with sudo but you can trust yourself with
> > su or login root access...
>
> I have to make a conscious effort to become root. This reduces the
> risk that
On Wed, 2013-12-11 at 09:39 +0100, Gian Uberto Lauri wrote:
> Let's suppose that Debian+Ubuntu get the largest share of the
> installed end user desktops.
The tendency is that seemingly newbies start using pre-built Linux
environments and use Linux as they would use Windows, IOW without
self-respo
On Tue, Dec 10, 2013 at 11:50:00PM +0100, Gian Uberto Lauri wrote:
>
> What makes root special is not the name but the numerical user id and group
> id, both set to zero. See /etc/passwd.
Don't you have to be logged in to do that?
The issue was that there would be only one exploitable account, i
Ralf Mardorf writes:
> On Tue, 2013-12-10 at 23:54 +0100, Gian Uberto Lauri wrote:
> > Clever attacks manifest themselves a long time after the "infection" in
> > order
> > to poison backups. And backup media may fail when they are most needed.
> > That's an effect of Murphy's law :).
>
> R
Brian writes:
> We do not worry about serious, unpublicised exploits. Their existence is
> of little consequence for your argument as your "attackers" would not
> know about them.
Are you kidding?
> If what you are referring to is what I think it is then no machines were
> ever harmed. Not
> Encrypt your hard disk.
Hoping that the encryption you use has no backdoor.
> Choose a *very* good password.
For the encryption, I suppose. That once one has his hands on the
hardware there is no user/prom/bios password stopping his intrusion.
> Unless they are a honey trap - and then you
On Tue, 2013-12-10 at 23:54 +0100, Gian Uberto Lauri wrote:
> Clever attacks manifest themselves a long time after the "infection" in order
> to poison backups. And backup media may fail when they are most needed.
> That's an effect of Murphy's law :).
Read about my backup strategy below. Only one
On Tue 10 Dec 2013 at 23:50:00 +0100, Gian Uberto Lauri wrote:
>
>
> > On 10/Dec/2013, at 20:46, Brian wrote:
>
> > Quite possibly this is a technique which is tried but, in a default
> > install, Debian does not provide any faulty services.
> >
>
> You are never sure about not-yet publicize
On Tuesday, December 10, 2013 05:56:24 PM Lisi Reisz wrote:
> On Tuesday 10 December 2013 16:50:54 Nate Bargmann wrote:
> > I presume that entering a password in those fields results in root
> > having its own password and the first user account not being a
> > member of the sudo group.
>
> That i
On Tuesday 10 December 2013 06:39:17 Tom H wrote:
> You can't trust yourself with sudo but you can trust yourself with
> su or login root access...
I have to make a conscious effort to become root. This reduces the
risk that I will accidentally do something extra foolish. I do not
have root lo
Clever attacks manifest themselves a long time after the "infection" in order
to poison backups. And backup media may fail when they are most needed.
That's an effect of Murphy's law :).
--
Gian Uberto Lauri
Message sent from a tablet
> On 10/Dec/2013, at 21:54, Ralf Mardorf wrote:
>
>> On
> On 10/Dec/2013, at 20:46, Brian wrote:
> Quite possibly this is a technique which is tried but, in a default
> install, Debian does not provide any faulty services.
>
You are never sure about not-yet publicized exploits.
And some time ago there was a problem with some ssh code that
should
On Tuesday 10 December 2013 16:50:54 Nate Bargmann wrote:
> I presume that entering a password in those fields results in root
> having its own password and the first user account not being a
> member of the sudo group.
That is what I assumed, but as a result of this thread I just tested.
I have
On Tue, 2013-12-10 at 21:44 +, Brian wrote:
> On Tue 10 Dec 2013 at 15:32:57 -0600, Nate Bargmann wrote:
>
> > I was guessing that it referred to Display 0:0 of the X server as the
> > discussion centered on running X as root at one point.
>
> May I withdraw my "More than likely"? There has to
On Tue 10 Dec 2013 at 15:32:57 -0600, Nate Bargmann wrote:
> I was guessing that it referred to Display 0:0 of the X server as the
> discussion centered on running X as root at one point.
May I withdraw my "More than likely"? There has to be a time when the
guessing has to cease,
--
To UNSUBSCR
I was guessing that it referred to Display 0:0 of the X server as the
discussion centered on running X as root at one point.
- Nate
--
"The optimist proclaims that we live in the best of all
possible worlds. The pessimist fears this is true."
Ham radio, Linux, bikes, and more: http://www.n0nb.
On Tue 10 Dec 2013 at 22:04:00 +0100, Ralf Mardorf wrote:
> On Tue, 2013-12-10 at 19:46 +, Brian wrote:
> > The English is fine but I wish I understood the implications of 0:0.
>
> root:root?
More than likely; but its significance in the context it was given still
escapes me. (Probably becaus
On Tue, 2013-12-10 at 19:46 +, Brian wrote:
> The English is fine but I wish I understood the implications of 0:0.
root:root?
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://list
On Tue, 2013-12-10 at 17:56 +0100, Gian Uberto Lauri wrote:
> I would not trust backups as an absolute safety
You don't trust backups? Why?
Regards,
Ralf
PS: I make complete backups, IOW I backup everything, don't sync, but
make complete new backups nearly daily. At the end of a month I delete
so
On Tue 10 Dec 2013 at 11:18:17 -0600, y...@marupa.net wrote:
> On Tuesday, December 10, 2013 11:15:26 AM John Hasler wrote:
> > Gian Uberto Lauri writes:
> > > Some of your argument seems to suggest that the Debian installer should
> > > not offer the option of leaving the root password blank
> >
On Tue 10 Dec 2013 at 18:23:21 +0100, Gian Uberto Lauri wrote:
> y...@marupa.net writes:
>
> > Not only that, but now whoever seeks to compromise your account has the
> added
> > challenge of figuring out just what, exactly, the name of the
> > account is.
>
> Usually attackers first try to
On 10/12/13 16:56, Gian Uberto Lauri wrote:
Physical security is indeed an issue. When attackers can put their
greedy hands on a computer there is nothing to stop them :)
Encrypt your hard disk. Choose a *very* good password. That will slow
them down, if not halt them. But it depends on *who*
Nate Bargmann writes:
> * On 2013 10 Dec 11:01 -0600, Gian Uberto Lauri wrote:
> > Nate Bargmann writes:
> > > I did a Wheezy install on Sunday and, yes, leaving the root password
> > > fields empty in the installer results in the first user account being in
> > > the sudo group.
> >
> >
y...@marupa.net writes:
> Not only that, but now whoever seeks to compromise your account has the
> added
> challenge of figuring out just what, exactly, the name of the
> account is.
Usually attackers first try to enter -possibly using a faulty
service-, then to exploit some vulnerability.
John Hasler writes:
> It *disables* the root account. Thus there is only one "vulnerable"
> account.
Phew :)
--
/\ ___Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_ African word
//--\| | \| | Integralista GNUslamico
* On 2013 10 Dec 11:01 -0600, Gian Uberto Lauri wrote:
> Nate Bargmann writes:
> > I did a Wheezy install on Sunday and, yes, leaving the root password
> > fields empty in the installer results in the first user account being in
> > the sudo group.
>
> Uh, really does it leave root account pass
Gian Uberto Lauri writes:
> Uh, really does it leave root account password-less? Or disables
> logging in as root ?
It disables the root account.
--
John Hasler
jhas...@newsguy.com
Elmwood, WI USA
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe
On Tuesday, December 10, 2013 11:15:26 AM John Hasler wrote:
> Gian Uberto Lauri writes:
> > Some of your argument seems to suggest that the Debian installer should
> > not offer the option of leaving the root password blank
>
> Gian Uberto Lauri
>
> > IT DOES? AAARGH!
>
> It *disables*
Gian Uberto Lauri writes:
> Some of your argument seems to suggest that the Debian installer should
> not offer the option of leaving the root password blank
Gian Uberto Lauri
> IT DOES? AAARGH!
It *disables* the root account. Thus there is only one "vulnerable"
account.
--
John Hasler
Nate Bargmann writes:
> I did a Wheezy install on Sunday and, yes, leaving the root password
> fields empty in the installer results in the first user account being in
> the sudo group.
Uh, really does it leave root account password-less? Or disables
logging in as root ?
--
/\ ___
Ralf Mardorf writes:
> bad luck, but not for me. If somebody would
> break my Linux, I would restore it from a backup.
I would not stay on this "not my problem" stance[*], and I would not
trust backups as an absolute safety.
> I don't understand why sudo should be less safe.
Because its stand
* On 2013 10 Dec 10:12 -0600, Gian Uberto Lauri wrote:
> Nate Bargmann writes:
> > * On 2013 10 Dec 08:32 -0600, Gian Uberto Lauri wrote:
> >
> > > > If your complaint is simply that Debian even allows the option of a
> > > > single user account with sudo enabled rather than forcing separat
Nate Bargmann writes:
> * On 2013 10 Dec 08:32 -0600, Gian Uberto Lauri wrote:
>
> > > If your complaint is simply that Debian even allows the option of a
> > > single user account with sudo enabled rather than forcing separate root
> > > and user accounts, then even I would resist the re
* On 2013 10 Dec 08:32 -0600, Gian Uberto Lauri wrote:
> > If your complaint is simply that Debian even allows the option of a
> > single user account with sudo enabled rather than forcing separate root
> > and user accounts, then even I would resist the removal of the option.
> >
>
> Forgi
Nate Bargmann writes:
> * On 2013 10 Dec 05:10 -0600, Gian Uberto Lauri wrote:
> Have you filed a wishlist bug report against the sudo package explaining
> your concerns about the defaults and suggesting better defaults? It's
> not likely that the sudo package maintainer is reading this list
* On 2013 10 Dec 05:10 -0600, Gian Uberto Lauri wrote:
> That's the point. Current sudo default configuration is "bad". That
> does not mean that the whole sudo program is bad (except that for
> Italian speakers it smells(*) :)). Does not add security but adds
> potential harms.
Have you filed a
On Tue, 2013-12-10 at 12:08 +0100, Gian Uberto Lauri wrote:
> Or not, at least until someone else wants your cpu-power, and in that
> case you could find yourself left with no other option than "cutting
> the cables" and reinstall.
It's not CPU power I would notice or that would cause issues. Many
Ralf Mardorf writes:
> On Tue, 2013-12-10 at 08:47 +0100, Gian Uberto Lauri wrote:
> > Ralf Mardorf writes:
> > > I know they hack servers, but was the Linux home PC of anybody on this
> > > list ever hacked?
> >
> > How could you detect? Are you sure you have the skills to detect this?
>
On Tue, 2013-12-10 at 08:47 +0100, Gian Uberto Lauri wrote:
> Ralf Mardorf writes:
> > I know they hack servers, but was the Linux home PC of anybody on this
> > list ever hacked?
>
> How could you detect? Are you sure you have the skills to detect this?
It's possible to e.g. monitor network tr
Andrei POPESCU writes:
> On Mon, 09 Dec 13, 18:13:07, Gian Uberto Lauri wrote:
> > Andrei POPESCU writes:
> > > On Mon, 09 Dec 13, 10:56:22, Gian Uberto Lauri wrote:
> > > >
> > > > sudo makes it a bit worse. Any user account opens the door to the root
> > > > account. Therefore you have t
Tom H writes:
> On Mon, Dec 9, 2013 at 8:09 AM, Gian Uberto Lauri wrote:
> > If some users needed to have the root power for a small set of
> > operation, then sudo would give them that exact power, no more no
> > less.
> >
> > What are the benefits of The "Macintosh/Ubuntu" use of sudo? I
Ralf Mardorf writes:
> On Mon, 2013-12-09 at 18:13 +0100, Gian Uberto Lauri wrote:
> > Think about this scenario: someone devises a clever way to slip a
> > Trojan in a user account.
>
> Then the trojan has got user privileges only. If it's a key logger it
> can read what password you type f
On Mon, Dec 9, 2013 at 10:38 PM, Lisi Reisz wrote:
> On Monday 09 December 2013 18:55:33 Tom H wrote:
Yes, I don't like it and always want a root password. As you
say, this is and has been contentious.
>>
>> Having a password for root and having sudo installed and set up
>> isn't an
On Mon, 09 Dec 13, 18:13:07, Gian Uberto Lauri wrote:
> Andrei POPESCU writes:
> > On Mon, 09 Dec 13, 10:56:22, Gian Uberto Lauri wrote:
> > >
> > > sudo makes it a bit worse. Any user account opens the door to the root
> > > account. Therefore you have to guard a larger perimeter.
> >
> > C
On Monday 09 December 2013 18:55:33 Tom H wrote:
> >> Yes, I don't like it and always want a root password. As you
> >> say, this is and has been contentious.
>
> Having a password for root and having sudo installed and set up
> isn't an either/or proposition.
We have already agreed surely that ho
On Mon, Dec 9, 2013 at 9:56 AM, Gian Uberto Lauri wrote:
> Andrei POPESCU writes:
>> On Mon, 09 Dec 13, 09:09:11, Gian Uberto Lauri wrote:
>>> What are the benefits of The "Macintosh/Ubuntu" use of sudo? Improved
>>> security? Are you kidding? Whatever the user I compromise I have root
>>> access
On Mon, Dec 9, 2013 at 8:09 AM, Gian Uberto Lauri wrote:
> Lisi Reisz writes:
>> On Saturday 07 December 2013 21:36:30 Bob Proulx wrote:
>>> If you look back in the mailing list archives you will find a
>>> recent discussion where there were some people who didn't like
>>> sudo. I was shocked by
On Mon, 2013-12-09 at 18:13 +0100, Gian Uberto Lauri wrote:
> Think about this scenario: someone devises a clever way to slip a
> Trojan in a user account.
Then the trojan has got user privileges only. If it's a key logger it
can read what password you type for sudo, but also what you type for su.
Andrei POPESCU writes:
> On Mon, 09 Dec 13, 10:56:22, Gian Uberto Lauri wrote:
> >
> > sudo makes it a bit worse. Any user account opens the door to the root
> > account. Therefore you have to guard a larger perimeter.
>
> Could you please elaborate on this? In Debian's default configuratio
On Mon, 09 Dec 13, 10:56:22, Gian Uberto Lauri wrote:
>
> sudo makes it a bit worse. Any user account opens the door to the root
> account. Therefore you have to guard a larger perimeter.
Could you please elaborate on this? In Debian's default configuration
this is simply not true.
> > > Furth
On 2013-12-09 14:43, Gian Uberto Lauri wrote:
> > This is not true. Only the user account which is in /etc/sudoers can use
> > the sudo command. In Debian default it actually means the members of the
> > sudo group.
>
> AFAIK it means "those listed in /etc/sudoers", according to the
>
John Hasler writes:
> Gian Uberto Lauri writes:
> > sudo makes it a bit worse. Any user account opens the door to the root
> > account. Therefore you have to guard a larger perimeter.
>
> Ubuntu grants sudo privileges only to the first user account created.
> As there is no root account, the
Nemeth Gyorgy writes:
> On 2013-12-09 10:56, Gian Uberto Lauri wrote:
> > sudo makes it a bit worse. Any user account opens the door to the root
> > account. Therefore you have to guard a larger perimeter.
>
> This is not true. Only the user account which is in /etc/sudoers can use
>
Gian Uberto Lauri writes:
> sudo makes it a bit worse. Any user account opens the door to the root
> account. Therefore you have to guard a larger perimeter.
Ubuntu grants sudo privileges only to the first user account created.
As there is no root account, there is just one account with root
privi
On 2013-12-09 10:56, Gian Uberto Lauri wrote:
> sudo makes it a bit worse. Any user account opens the door to the root
> account. Therefore you have to guard a larger perimeter.
This is not true. Only the user account which is in /etc/sudoers can use
the sudo command. In Debian default it
Andrei POPESCU writes:
> On Mon, 09 Dec 13, 09:09:11, Gian Uberto Lauri wrote:
> >
> > What are the benefits of The "Macintosh/Ubuntu" use of sudo? Improved
> > security? Are you kidding? Whatever the user I compromise I have root
> > access, just type "sudo bash".
>
> sudo doesn't make th
On Mon, 09 Dec 13, 09:09:11, Gian Uberto Lauri wrote:
>
> What are the benefits of The "Macintosh/Ubuntu" use of sudo? Improved
> security? Are you kidding? Whatever the user I compromise I have root
> access, just type "sudo bash".
sudo doesn't make this worse, just slightly easier. Compromising
Lisi Reisz writes:
> On Saturday 07 December 2013 21:36:30 Bob Proulx wrote:
> > If you look back in the mailing list archives you will find a
> > recent discussion where there were some people who didn't like
> > sudo. I was shocked by that because I always thought that most
> > people liked
On Sunday, December 08, 2013 07:27:41 PM Andrei POPESCU wrote:
> On Sun, 08 Dec 13, 19:14:49, Neal Murphy wrote:
> > For me, I usually set up 'sudo su'
>
> sudo has the '-s' and '-i' switches, why mix with 'su'?
>
> Kind regards,
> Andrei
'sudo su' rolls off the fingers easier.
--
To UNSUBSCRI