Re: [orca-list] Root sudo gksudo confusion

On Mon, 8 Dec 2008, Scott Berry wrote:

Best practices tell us that yes it's good to have a limited acount but
in Ubuntu if I understand correctly your root and user accounts are
actually tied together.  Some one correct me if I am wrong please.

You are wrong.  Consider yourself corrected.:)

One can not "tie together" accounts in Linux.

There is a root account.
There is a normal user account, created as part of the install process.
That normal user account is a member of many administrative groups, so if 
those groups are authorized to do various things, then the user account 
will be authorized to do those things.
This is not at all abnormal, and groups have been used in this way since 
long before anyone using Unix heard of Ubuntu.

Thype this only if you want to change the way the root password is
accessed otherwise it's best to leave this at default if your not
familiar with Linux:

sudo root passwd

That does nothing--"root" is not a command.  "sudo passwd" is the correct 
command for what you are explaining.  You were probably thinking of "sudo 
-u root passwd", but since "root" is the assumed user in default 
configurations of sudo, that is redundant.

It does not change the way "your root password is accessed"--it sets or 
changes a password on your root account.

Okay, so here's the deal.

The sudo command, causes the command following it (such as "passwd" in the 
above example) to be run as the root, or administrative, user.
So, "sudo reboot" will reboot your system, which you may not be able to do 
as a normal user.

This allows you to run commands as root *only* when you need to, without 
having to log in as root, or start a root shell with "su", in which case 
you might do some damage by forgetting who and where you are.  (Yes, the 
most experienced users have done it)

If you really do need a root shell for something, running "sudo bash" will 
get you one, as will "sudo su -", although that is longer, and most of the 
time shouldn't make any difference.

(Simply all I am doing is changing the password but I am also getting
rid of the sudo and I can just su in to my account, some people probably
believe this is more unsecure but I prefer it)

You haven't gotten rid of the sudo, you have just made it possible to use 
su and a root password to become root, or to log in as root directly.

Sudo still works exactly as it did before.

You have damaged the security of your system, however, because now you 
have enabled people to login directly as root with a password.  If you 
have to give someone else access to a single administrative command, you 
now have to give them full root access in order to do it.
One of the values of sudo, is that you can give a user permission to run a 
single command or a few commands as root.  That user could then run "sudo 
mount" to mount certain drives, or maybe "sudo /etc/init.d/apache2" to 
start, stop, or reload the web server, etc..  Such users will not be able 
to shut down the system, get a root shell, or view other users' data, and 
they will not need to know the root password--all they need is their own 
password, and really why should they have to know another password when 
all they want to do is something slightly administrative?

You can still do all of that with sudo after you have enabled the root 
account's password as Scott describes, but unless there is a good reason 
for it (swat, for example), why bother?  It is trivially easy for the main 
system user, and anybody else he likes, to get a root shell with "sudo 
bash" or "sudo su" or the like.

There are more security implications: say that one of the users on your 
system has a simple password, and someone cracks their way in?  They can 
then sit there with a dictionary cracking tool, and plug away at your root 
password until they gain full administrative access to your system.
If you're using sudo, however, and haven't enabled a root password, they 
can not do this, provided that the regular user they cracked, does not 
have any sudo permissions, or has limited permissions.

Then too, is the idea of external cracking: every Linux system has a root 
user, so of course it is the most often targeted account.  If it has a 
password, the chances increase that it can be broken into by someone from 
outside who breaches your security.

Again if you like the security don't use this but for me it keeps the
root and the normal user password separated.  I also like su much better
than sudo.

May I ask why?

I was a user of su for years.  I only heard of sudo when I started using 
Ubuntu about 4 years ago, and found no reason to use su since then, except 
in very specialized applications, or for becoming another user from 
within a root shell.
None of my personal systems have enabled root passwords, and probably98% 
of my servers have no root password either.
I am curious as to your reasoning.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]