From: Rahul on 17 Feb 2010 22:17

Robert Heller <heller(a)deepsoft.com> wrote in news:DuidnTmW59w9zuHWnZ2dnUVZ_gGdnZ2d(a)posted.localnet:

> The same reason wood stoves are not made out of wood or include
> seats...
>
> With sudo set up, there is no reason to ever log in as root. The
> Ubuntu people figured that if root had an actual password, newbies
> would log in as root and go web surfing or something. The way Ubuntu
> is set up, you cannot do that. Instead, anything that does need
> privilege requires the user to enter *his* (or her) password at a
> special prompt -- eg firing up a Terminal and doing 'sudo <mumble>' or
> launching a GUI app using gksudo or something like that.

Wow! I didn't realize this was such a controversial topic. Let me clarify: I wasn't saying one has to surf the web and do day-to-day stuff as root. But let's say a user once in a while needs to, say, create a new mount point. Or restart a service. Or change an iptables entry. Why not then just "su -", make the change and log out. How is this workflow any more dangerous than "sudo foo_dangerous_operation"?

To me the main reason to use sudo always seemed to be to delegate a subset of tasks that normally required root privileges to an ordinary user. On a multi-user multi-admin server, say someone controls httpd or another guy something else etc. Sort of creating tiny less-powerful mini-roots. But it still means there is at least one person who is "all powerful" "root".

If one gets used to doing "sudo foo" every so often, it's likely that one stops thinking about that and it becomes a reflex action. So then one is as likely to make mistakes without realizing it.

Analogies:
(a) Aliasing rm to "rm -i". I got conditioned in a month to always type "rm -f foobar"
(b) The annoying Windoze habit of asking a y/n for every small thing. By default I press the y without even thinking

Just my thoughts....

--
Rahul
From: Rahul on 17 Feb 2010 22:24

Robert Heller <heller(a)deepsoft.com> wrote in news:DuidnTmW59w9zuHWnZ2dnUVZ_gGdnZ2d(a)posted.localnet:

> The way sudo is 'safer' in that it is a privilege-on-demand sort of
> thing:

Yes, but that's like security by obscurity. If the privilege demander and privilege granter are the same, what's the point in making him beg each time?

> you do a privileged thing rarely and each time you enter a
> password. You won't be logged in at privileged state and do stuff
> that does not need privilege. This avoids accidents and what not.

By that extension soon Ubuntu might be making the user solve captchas (or worse) to do tasks needing privilege escalation.

--
Rahul
From: Keith Keller on 17 Feb 2010 22:47

On 2010-02-18, unruh <unruh(a)wormhole.physics.ubc.ca> wrote:
>
> Actually you have become arrogant with knowledge. If you are a naive
> user, what do you google for? Recall that it is passwd, not password
> (which is what most people would associate with passwords).

I'm not impressed with this argument. The naive Ubuntu user might enter this query:

http://www.google.com/search?q=administrator+password+ubuntu

Even this:

http://www.google.com/search?q=+password+ubuntu

gets you to what you need if you have no idea what the admin account is named. If that's arrogance, I'm content with the label.

--keith

--
kkeller-usenet(a)wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information
From: Keith Keller on 17 Feb 2010 22:52

On 2010-02-18, Rahul <nospam(a)nospam.invalid> wrote:
>
> But let's say a user once in a while needs to, say, create a new mount
> point. Or restart a service. Or change an iptables entry. Why not then
> just "su -" make the change and log out. How is this workflow any more
> dangerous than "sudo foo_dangerous_operation"?

Two reasons:

--you've just typed in the root password; if someone has installed a keyboard sniffer they now have the root password. (Yes, if you do sudo blah they've sniffed your own password and can do sudo su and accomplish the same thing.)

--More importantly, su - leaves open a root shell, wherein you might accidentally type in a dangerous command. sudo foo brings you back to a normal shell, where you'd need to sudo again to type in a dangerous command.

That said, I generally su -, and log out as soon as I'm done.

> To me the main reason to use sudo always seemed to be to delegate a
> subset of tasks that normally required root privileges to an ordinary
> user. On a multi-user multi-admin server say someone controls httpd or
> another guy something else etc. Sort of creating tiny less-powerful
> mini-roots. But it still means there is at least one person who is "all
> powerful" "root".

There can always be one person who is root without needing the root password, if that person can sudo su.

> (a) Aliasing rm to "rm -i". I got conditioned in a month to always type
> "rm -f foobar"

I always unalias rm rather than allow myself to be conditioned.

> (b) The annoying Windoze habit of asking a y/n for every small thing. By
> default I press the y without even thinking

Example (besides rm -i)? I don't know many utilities and programs I use on a regular basis that have excessive prompting.

--keith

--
kkeller-usenet(a)wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information
From: Aragorn on 18 Feb 2010 02:18
On Wednesday 17 February 2010 22:46 in comp.os.linux.misc, somebody identifying as Robert Heller wrote...

> The real question is not 'What's the reason not to set a root
> password?', but 'What's the reason to set a root password?'.

The use of /sudo/ with the user's own password or eventually without a password is actually a security risk. If your user account is compromised, this will allow the attacker to obtain root privileges instantly by invoking...

sudo su -

Presto, you have a root shell. Set a root password and set up /sudo/ to require the root password (or abandon /sudo/ in favor of /su/ instead), and suddenly the attacker needs to guess an extra password.

The good thing about /sudo/ is that it offers some rudimentary role-based access control. You can define what privileged commands (or what commands executed as a different unprivileged user) a regular user account has at their disposal via /sudo/ without having to give them complete root access. In my humble opinion, this role-based access control was probably what /sudo/ was developed for in the first place.

Most distributions however do it all wrong and default to /sudo/ as a replacement for /su/ while they at the same time also set up unprivileged user accounts with lots of privileged commands via the policykit. No password needed in order to issue...

reboot
halt
poweroff
suspend
.... et al.

Sure, there are arguments in favor of that - one of them being that these commands should normally only be available to the user sitting at the local console, and surely, a laptop isn't a server either.

My approach has for a long time already always been to disable all direct root logins, both at the local console and remotely, and to force the use of /su/ - which is only available (if properly configured) to the users in the "wheel" group.

Personally, I think that Ubuntu and siblings, considering that they are primarily aimed at the newbie, may not be so terribly evil in their way of setting up /sudo/ because then at the very least, they are familiarizing the user with the fact that some things do take elevated privileges and that a normal user account does not have these.

Yet, there should be proper documentation supplied with the system on how the /sudo/ approach in these particular distributions is only intended to familiarize the newbie with the concepts of UNIX, and that for good measure, they should change the security implementations on their systems - preferably with accompanying instructions - once they'll have become more experienced.

(Note: Just like Google should tell Google Groups users that Google Groups is not Usenet, but only an interface to it. Omission of documentation or information can be a form of "telling a lie", because this omission can lead to a totally erroneous understanding of the concepts. I believe that /sudo/ should be documented similarly in distributions such as Ubuntu which use the mechanism as their default for executing privileged tasks.)

Just my two cents.

--
*Aragorn*
(registered GNU/Linux user #223157)
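An added configuration example, not posted by anyone in this thread: a constructed sudoers drop-in plus a /etc/pam.d/su line that implement what Keith Keller and Aragorn describe (sudo asking for the root password so "sudo su" no longer costs only the caller's own password, users limited to the specific tasks Rahul lists, and su restricted to the wheel group). All user, group, alias names and command paths are assumptions for illustration.

```text
# --- /etc/sudoers.d/ops (constructed example; always edit via visudo) ---

# Prompt for root's password instead of the invoking user's own password.
# This requires a root password to exist, and means a compromised user
# account cannot turn "sudo su -" into a root shell with the same secret.
Defaults rootpw

# Do not cache the authentication: every sudo call asks again, so privilege
# is granted per command rather than per session.
Defaults timestamp_timeout=0

# The delegated tasks from the thread: restart a service, manage mount
# points, touch the firewall. Exact arguments are part of the rule.
Cmnd_Alias HTTPD_CTL = /usr/sbin/service httpd restart, \
                       /usr/sbin/service httpd reload
Cmnd_Alias MOUNT_CTL = /bin/mount, /bin/umount
Cmnd_Alias FW_CTL    = /sbin/iptables -L, /sbin/iptables -S

# "Mini-roots": each account gets only its own slice of privilege.
# (Unrestricted mount or iptables is effectively root-equivalent;
# narrow the argument lists further before using such a rule for real.)
webadmin ALL = (root) HTTPD_CTL
ops      ALL = (root) MOUNT_CTL, FW_CTL

# The one "all powerful" role still exists, but only for the wheel group,
# and with rootpw above it costs the root password, not the member's own.
%wheel   ALL = (ALL) ALL

# --- /etc/pam.d/su (one line to enable) ---
# Only wheel members may even attempt "su -"; everyone else is refused
# before a password is ever asked for.
auth required pam_wheel.so use_uid
```

Check the result with "sudo -l" as each account and with "visudo -cf /etc/sudoers.d/ops" before relying on it; a syntax error in a drop-in locks everyone out of sudo.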