
#1 2007-06-25 17:40:48

The_ouroboros
Member
From: Pavia, Italy
Registered: 2007-05-28
Posts: 140

Sudo

Is the use of sudo a good practice?
Is the sudo system less secure than the classic root/user mode?


Thanks


Gnu/Linux User on Arch(x86_64)

Offline

#2 2007-06-25 17:54:59

tardo
Member
Registered: 2006-07-15
Posts: 526

Re: Sudo

I personally don't see the difference if you use ALL and NOPASSWD. You can use sudo to restrict to certain commands but that's as easy as adding groups.

Offline

#3 2007-06-25 17:55:49

The_ouroboros
Member
From: Pavia, Italy
Registered: 2007-05-28
Posts: 140

Re: Sudo

tardo wrote:

I personally don't see the difference if you use ALL and NOPASSWD. You can use sudo to restrict to certain commands but that's as easy as adding groups.

So is it safe?


Gnu/Linux User on Arch(x86_64)

Offline

#4 2007-06-25 18:01:50

tardo
Member
Registered: 2006-07-15
Posts: 526

Re: Sudo

sudo is as safe as the permissions you allow. It's essentially no different from root at the basic level.

# rm -rf ~
$ sudo rm -rf ~

Do not run the above commands!

Both yield the same results. Of course, sudo can be configured to prevent that...

In short, if you're asking if you should or should not use sudo, the answer is yes use sudo. It's good practice.

Last edited by tardo (2007-06-25 18:03:12)

Offline

#5 2007-06-25 18:03:03

fancris3
Member
Registered: 2007-03-18
Posts: 67

Re: Sudo

It's more safe like classic root/user. wiki

Offline

#6 2007-06-25 19:04:08

finferflu
Forum Fellow
From: Manchester, UK
Registered: 2007-06-21
Posts: 1,899
Website

Re: Sudo

I actually don't see much difference between sudo and separate root/users accounts. Especially if I am the only user of my machine. On Ubuntu I could see the benefits of having my root account disabled when checking my auth.log. There was someone who insistently tried to log in as root via ssh, and failed in every attempt. Then s/he tried with so many different user names, but then s/he had to know my exact user name, which is much more difficult than knowing the root user name. I think that is one of the advantages of sudo. As for now I'm too lazy to set it up on Arch at the moment (since I would need to study sudo a bit more in depth) and the solution is to keep my ssh server a bit more secure.

Edit:
Well, the post above states the same things in a clearer manner I think.

Last edited by finferflu (2007-06-25 19:05:34)


Have you Syued today?
Free music for free people! | Earthlings

"Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away." -- A. de Saint-Exupery

Offline

#7 2007-06-25 19:20:36

tardo
Member
Registered: 2006-07-15
Posts: 526

Re: Sudo

That's why root login is disabled in sshd_config =/

Offline

#8 2007-06-25 20:03:40

Mefju
Member
From: Poland
Registered: 2006-07-12
Posts: 104

Re: Sudo

I think sudo is more comfortable than logging into the root account every time you want to run some commands with superuser privileges.

Offline

#9 2007-06-25 21:36:18

Kenetixx
Member
From: /unvrs/mlkywy/earth/aust/home
Registered: 2006-09-09
Posts: 258
Website

Re: Sudo

I don't like sudo, feels unsafe to me, but it all comes down to personal choice really.


http://binaryritual.net

There is no spoon.......

Offline

#10 2007-06-26 01:05:53

kano
Member
From: Michigan
Registered: 2007-05-04
Posts: 185
Website

Re: Sudo

I like using sudo over logging in as root (using su -c "cmd") because it remembers that I authenticated so long ago. It's also "safer" to me, because I have to type sudo when I want to do something as the superuser instead of accidentally forgetting that I'm logged in as root and doing something.


\\ archlinux on a XPS M1530 //

Offline

#11 2007-06-26 11:49:49

finferflu
Forum Fellow
From: Manchester, UK
Registered: 2007-06-21
Posts: 1,899
Website

Re: Sudo

By the way, I tried to disable the password for sudo following the wiki, so my /etc/pam.d/sudo looks like this:

auth            required        pam_unix.so
auth            required        pam_nologin.so
auth            sufficient      pam_wheel.so trust use_uid

since the wiki said to add the line

auth            sufficient      pam_wheel.so trust use_uid

to that file. But it's not working. Did I misunderstand something?


Have you Syued today?
Free music for free people! | Earthlings

"Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away." -- A. de Saint-Exupery

Offline

#12 2007-06-26 13:03:05

hussam
Member
Registered: 2006-03-26
Posts: 572
Website

Re: Sudo

Kenetixx wrote:

I don't like sudo, feels unsafe to me, but it all comes down to personal choice really.

I tend to agree with you. I never liked sudo. The idea of a normal user being given the ability to run commands with administrative privileges using his/her own password reminds me a lot of Windows. Sudo is definitely against my understanding of the Unix/Linux philosophy.

Offline

#13 2007-06-26 13:49:06

Cerebral
Forum Fellow
From: Waterloo, ON, CA
Registered: 2005-04-08
Posts: 3,108
Website

Re: Sudo

hussam wrote:

The idea of a normal user being given the ability to run commands with administrative privileges using his/her own password reminds me a lot of Windows. Sudo is definitely against my understanding of the Unix/Linux philosophy.

Though, how is that any worse than giving a normal user your root password? With sudo you can give fine-grained control, if necessary; IMO it doesn't make anything less secure as it still needs to be explicitly set up by an existing administrator (default deny) - unlike Windows where constant Administrator privileges are essentially forced on any user that wants their OS to run properly (default allow).

I don't see how sudo myapp is any less secure, or desirable, than su -c myapp.

Offline

#14 2007-06-26 14:26:28

smoon
Member
Registered: 2005-08-22
Posts: 468
Website

Re: Sudo

tardo wrote:

[...]

# rm -rf ~
$ sudo rm -rf ~

Do not run the above commands!

Both yield the same results. [...]

Actually that's not quite right (assuming the command with the # in front is being executed as user root and the other one as ordinary user). The first one will delete the home directory of root, while the second one will remove the homedir of the user currently logged in (not root). I.e. both will delete the homedir of the currently logged in user.

Offline

#15 2007-06-26 14:30:20

tardo
Member
Registered: 2006-07-15
Posts: 526

Re: Sudo

I actually had that as rm -rf / at first, but changed it just in case someone was stupid enough to try...

Offline

#16 2007-06-26 14:48:43

skymt
Member
Registered: 2006-11-27
Posts: 443

Re: Sudo

The universal timeout feature of sudo is a potential security risk:
* An attacker convinces the user to run some code
* The code forks a new process that runs in the background
* The new process loops, attempting to run a command with sudo every few minutes
* Next time the user uses sudo, the timeout period is started
* The malicious code successfully runs the command as root

It's 'just' a privilege-escalation attack, but it's worrying enough that I've disabled the timeout completely in my sudo configuration file. It would be a bigger risk on a public computer running a distro like Ubuntu (with a one-user sudo-based security model), allowing anyone who uses it to get root fairly easily (running, for example, a root shell connected to netcat) unless it's completely locked down to disallow execution of any unknown programs.

Offline

#17 2007-06-26 14:55:06

The_ouroboros
Member
From: Pavia, Italy
Registered: 2007-05-28
Posts: 140

Re: Sudo

skymt wrote:

The universal timeout feature of sudo is a potential security risk:
* An attacker convinces the user to run some code
* The code forks a new process that runs in the background
* The new process loops, attempting to run a command with sudo every few minutes
* Next time the user uses sudo, the timeout period is started
* The malicious code successfully runs the command as root

It's 'just' a privilege-escalation attack, but it's worrying enough that I've disabled the timeout completely in my sudo configuration file. It would be a bigger risk on a public computer running a distro like Ubuntu (with a one-user sudo-based security model), allowing anyone who uses it to get root fairly easily (running, for example, a root shell connected to netcat) unless it's completely locked down to disallow execution of any unknown programs.

How did you do it?


Gnu/Linux User on Arch(x86_64)

Offline

#18 2007-06-26 14:56:00

dolby
Member
From: 1992
Registered: 2006-08-08
Posts: 1,581

Re: Sudo

You might want to read this


There shouldn't be any reason to learn more editor types than emacs or vi -- mg (1)
[You learn that sarcasm does not often work well in international forums.  That is why we avoid it. -- ewaller (arch linux forum moderator)

Offline

#19 2007-06-26 16:37:10

Kenetixx
Member
From: /unvrs/mlkywy/earth/aust/home
Registered: 2006-09-09
Posts: 258
Website

Re: Sudo

dolby wrote:

You might want to read this

Interesting read, but I'll stick with SU as I tend to break my system a lot and SU is easier.


http://binaryritual.net

There is no spoon.......

Offline

#20 2007-06-26 16:49:32

gbrunoro
Member
From: Belo Horizonte, Brasil
Registered: 2007-04-04
Posts: 55

Re: Sudo

sudo or sudo su, it saves me typing time

Offline

#21 2007-06-26 16:59:27

skymt
Member
Registered: 2006-11-27
Posts: 443

Re: Sudo

The_ouroboros wrote:
skymt wrote:

I've disabled the timeout completely in my sudo configuration file.

How did you do it?

1. Log in as root (su, sudo -s, whatever).
2. # cp /etc/sudoers /etc/sudoers.temp
3. Edit /etc/sudoers.temp with your favorite editor
4. Add this line under the "Defaults specification" comment:

Defaults    timestamp_timeout=0

5. Save the file, quit your editor
6. # visudo -c -f /etc/sudoers.temp
7. # mv -f /etc/sudoers.temp /etc/sudoers

This method of editing the file is more convoluted than it needs to be, but sudo breaks if there's an error in the sudoers file, so it's best to err on the side of caution.

You can set timestamp_timeout to any integer. Positive numbers indicate how long the timestamp lasts, negative numbers make it last forever.

EDIT: Step 6 is unclear, so I'll explain. visudo is a command to edit the sudoers file and check the syntax afterwards to make sure sudo doesn't break. It doesn't respect your choice of editors, forcing you to use vi unless you set a different editor in the sudoers file (sort of a catch-22). I prefer to copy my sudoers file to a temporary location, edit it, then use visudo to check the syntax. -c means just check the syntax, don't edit the file, and -f points visudo to your temporary sudoers file rather than the default.

Last edited by skymt (2007-06-26 17:07:03)

Offline
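
The copy, edit, check, rename procedure from the post above, as an added shell example that is not part of the thread: it sets timestamp_timeout (0 removes the cached authentication that post #16 describes as the risk) and leaves the live file untouched when the syntax check fails. The function name set_sudo_timeout and the VISUDO override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): apply timestamp_timeout to a sudoers
# file by editing a copy, checking it with visudo, then renaming it into place.

# Assumption: VISUDO may be overridden to point at another checker binary.
VISUDO=${VISUDO:-visudo}

# set_sudo_timeout FILE MINUTES   (hypothetical helper name)
set_sudo_timeout() {
    target=${1:-/etc/sudoers}
    minutes=${2:-0}
    tmp="$target.temp"

    # The post allows any integer: 0 disables caching, negative never expires.
    case $minutes in
        ''|-|*[!0-9-]*|?*-*)
            echo "timeout must be an integer" >&2
            return 2 ;;
    esac

    # Work on a copy; -p keeps the mode (and the owner when run as root).
    cp -p "$target" "$tmp" || return 1

    if grep -q 'timestamp_timeout=' "$target"; then
        # A value is already set: rewrite only that value, leaving other
        # options on the same Defaults line alone.
        sed "s/timestamp_timeout=[-0-9.]*/timestamp_timeout=$minutes/" \
            "$target" > "$tmp" || return 1
    else
        printf 'Defaults\ttimestamp_timeout=%s\n' "$minutes" >> "$tmp" || return 1
    fi

    # -c: check only, -f: check this file instead of the default sudoers.
    if ! "$VISUDO" -c -f "$tmp" >/dev/null 2>&1; then
        echo "syntax check failed, $target left unchanged" >&2
        rm -f "$tmp"
        return 1
    fi

    # Same directory as the target, so the rename swaps the file in one step.
    mv -f "$tmp" "$target"
}

# Usage, as root:  set_sudo_timeout /etc/sudoers 0
```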

#22 2007-06-26 17:08:47

pelle.k
Member
From: Åre, Sweden (EU)
Registered: 2006-04-30
Posts: 667

Re: Sudo

This is ridiculous! Some of you don't seem to understand the purpose of sudo, even though it explicitly says its main purpose is to elevate a normal user to a _preconfigured_ number of tasks that doesn't necessarily have to be root access to anything! If you give sudo access to everything, suit yourself.
wheel != sudo.

Ultimately sudo will let a user do "something", without giving him/her your root password. How can that possibly be a bad thing? In the end, _you_ the administrator will set the limits of what, so it's not like you're handing over your car keys...


"Your beliefs can be like fences that surround you.
You must first see them or you will not even realize that you are not free, simply because you will not see beyond the fences.
They will represent the boundaries of your experience."

SETH / Jane Roberts

Offline

#23 2007-06-26 18:35:41

dolby
Member
From: 1992
Registered: 2006-08-08
Posts: 1,581

Re: Sudo

Kenetixx wrote:
dolby wrote:

You might want to read this

Interesting read, but I'll stick with SU as I tend to break my system a lot and SU is easier.

I don't use sudo either


There shouldn't be any reason to learn more editor types than emacs or vi -- mg (1)
[You learn that sarcasm does not often work well in international forums.  That is why we avoid it. -- ewaller (arch linux forum moderator)

Offline

#24 2007-06-26 22:33:23

KerowynM
Member
Registered: 2006-06-04
Posts: 78

Re: Sudo

It's not a question on whether or not it's secure, it's how secure it is compared to the alternative.

If you are using sudo to avoid logging in as root, then it is more secure.  If you are using sudo to give root access to a user, then it is less secure.  The joy of sudo is it allows you to plug around as a regular user, and if you type in a command that doesn't take due to privileges, you just need to add sudo to the beginning to carry it out. That is one last chance to make sure what you typed was what you meant.  If you are plugging along with su or logged in as root, you get no second chances.

If you are the type to mentally 'auto-add' sudo to the beginning of commands that require it, then it is not very secure at all.

Also, using sudo you double your vulnerability to a password attack, as an attacker has 2 passwords to choose from for root access.

Still, I'd rather sudo everything than get careless and 'rm -rf / oops/that/was/a/space' with no safety net.

Edit: Also, sudo doesn't replace su, it complements it. I often su from my wife's account into my own, and then use sudo (My wife is not in wheel)

Last edited by KerowynM (2007-06-26 22:37:16)

Offline

#25 2007-06-26 22:39:45

Ramses de Norre
Member
From: Leuven - Belgium
Registered: 2007-03-27
Posts: 1,289

Re: Sudo

KerowynM wrote:

Also, using sudo you double your vulnerability to a password attack, as an attacker has 2 passwords to choose from for root access.

Not if you disable root login, then the attacker needs username + password instead of only root password.

Offline
