Author Topic: Death of Sudoers ?  (Read 7036 times)

Offline Tony

  • Hero Member
  • *****
  • Posts: 1744
  • Reason_able ;)
Re: Death of Sudoers ?
« Reply #60 on: January 19, 2012, 07:24:34 AM »
I'd been meaning to ask what is the difference between su, and sudo.

Reading this thread, and OP's description:
http://www.pclinuxos.com/forum/index.php/topic,90479.0.html
...has cleared that up, and put a note in my mind to study further.
From above link, posted by OP:
Quote
Sudo, when used ITMOTB, gives blanket, unlimited root privileges to a normal user, who can then literally run as root using his own normal user's password; there being no specific root password set, effectively the normal user's password becomes the root password, thereby removing an entire layer of Linux system security. (the separation of all normal users from the root user) This is the abuse of sudo we speak of. We feel that it is totally irresponsible, and it is that which we refuse to support.

Great to have such info on hand for bookmarking.
Really all I know is to not under normal situations log in as root, as this is Admin mode, if I may call it that. With such elevated privileges anyone can take over as Admin, or as I should say root. Every User is root. I'm just a single User, and just use 'su' when needed.

I told someone today at a general forum, who was worried about not having an AntiVirus software installed on their UBuTO system that really they were mainly vulnerable if running as root.
So now I see that sudo is used on such systems as (UBuTO) they were obviously alluding that they were using sudo, and worried doing so.

I think I learnt a few things, thanks for the passion. Passion is good; after all it's a debate that needed to be had, at this time, and probably at a later time  ;D
I'll learn more each day; going out of my way to lessen security sounds like a bad move, although as pointed out it is appropriate to do so on some occasions.

Honestly I only really feel safe gleaning info from this Forum.
*PCLOS 3.2.18-pclos2 - MiniMe 2013.x - KDE 4.10.1 - Intel(R) Pentium(R) 4 CPU 3.00GHz - 1GiB DIMM DDR 533 MHz RAM  = SHABANG ! ;) *Software Updates

Offline alex

  • PCLinuxOS Tester
  • Hero Member
  • *******
  • Posts: 530
Re: Death of Sudoers ?
« Reply #61 on: January 19, 2012, 07:25:23 AM »
That sounds a bit extreme. As pointed out by O-P in the post he linked to in his first reply sudo does have legitimate uses in any Linux system, at least if you have several users and need to give some of them limited administrative rights.

The command is meant to enhance your security, as the proper use of it means that you don't have to give the root password to everyone that otherwise would need it. Nevertheless, the way it is used in some distros reduces your security instead. But that doesn't make the proper use of sudo less legitimate. It's the buntu way that is insecure, dangerous and generally irritating.

That sounds a bit extreme.
+1
« Last Edit: January 19, 2012, 09:09:10 AM by old-polack »
The Sandbox is a great place to get out of the rain and into the sand.
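
The distinction drawn in the two posts above, between sudo handing a user blanket root rights and sudo granting limited administrative rights, can be checked mechanically. The following shell function is an added example, not code from the thread; the user names and rules in the sample are constructed, and it assumes simple one-line rules without aliases.

```sh
#!/bin/sh
# Added example, not from the thread. Classifies simple one-line sudoers rules;
# aliases, includes and line continuations are deliberately not resolved.

# Print "<KIND> <who>" per user specification. KIND is BLANKET when the
# command list contains ALL and LIMITED otherwise, with -NOPASSWD appended
# when the rule skips the password prompt.
audit_sudoers() {
    awk '
    /^[ \t]*#/ { next }
    /^[ \t]*$/ { next }
    $1 ~ /^(Defaults|(User|Runas|Host|Cmnd)_Alias)/ { next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        who = $1
        cmds = substr($0, eq + 1)
        sub(/^[ \t]*\([^)]*\)/, "", cmds)          # drop the (runas) part
        nopw = (cmds ~ /NOPASSWD:/) ? "-NOPASSWD" : ""
        gsub(/[A-Z]+:/, "", cmds)                   # drop tags such as NOPASSWD:
        n = split(cmds, part, ",")
        kind = "LIMITED"
        for (i = 1; i <= n; i++) {
            sub(/^[ \t]+/, "", part[i]); sub(/[ \t]+$/, "", part[i])
            if (part[i] == "ALL") kind = "BLANKET"
        }
        print kind nopw, who
    }' "$1"
}

# Constructed sample: two blanket grants beside one command-limited grant.
sample_sudoers() {
    cat <<'EOF'
Defaults env_reset
root    ALL=(ALL) ALL
alice   ALL=(ALL) ALL
%wheel  ALL=(ALL) NOPASSWD: ALL
bob     ALL=(root) /usr/sbin/lpadmin, /sbin/service cups restart
EOF
}

tmp=$(mktemp)
sample_sudoers > "$tmp"
audit_sudoers "$tmp"    # root's own entry is expected to be BLANKET
rm -f "$tmp"
```

Any BLANKET line for a normal user means that user's own password is effectively the root password on that machine.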

Online RobNJ

  • Hero Member
  • *****
  • Posts: 558
Re: Death of Sudoers ?
« Reply #62 on: January 19, 2012, 08:08:04 AM »
To paraphrase the old question:

"Is it illegal to shout 'SUDO' in a crowded PCLOS forum?"  ;)


*runs outta THIS thread, REAL FAST!!!*  ;D



Offline MtnMan

  • Sr. Member
  • ****
  • Posts: 258
  • Aged to perfection
Re: Death of Sudoers ?
« Reply #63 on: January 19, 2012, 01:19:43 PM »
It seems like the bottom line to the objections to sudo is that its use could make my computer less secure?

Well something along those lines has been on my mind for awhile:

The boot menu has a few options and if I arrow down to failsafe and boot into the console and type startx, I move to a familiar place.  I can then start network connection, open synaptic and install/remove/update.  I can open a terminal type su and I am root doing whatever I want as root.  I don't know anything about installing a rootkit, and I would not want to type something like "sudo rm -rf /" - but I could.  And the whole time I was never asked for any password - not even user.

I didn't realize that anything was less secure than doing this.

I worry that the person who thought up Muzak may be thinking up something else. - Lily Tomlin

Offline Bald Brick

  • PCLinuxOS Tester
  • Hero Member
  • *******
  • Posts: 6380
  • I'm going South
Re: Death of Sudoers ?
« Reply #64 on: January 19, 2012, 03:39:20 PM »
It seems like the bottom line to the objections to sudo is that its use could make my computer less secure?

Well something along those lines has been on my mind for awhile:

The boot menu has a few options and if I arrow down to failsafe and boot into the console and type startx, I move to a familiar place.  I can then start network connection, open synaptic and install/remove/update.  I can open a terminal type su and I am root doing whatever I want as root.  I don't know anything about installing a rootkit, and I would not want to type something like "sudo rm -rf /" - but I could.  And the whole time I was never asked for any password - not even user.

I didn't realize that anything was less secure than doing this.



Well, your starting the network connection in safe mode, i.e. as root - that was certainly less than prudent.  ;D

And this, I suppose is the main point. If you have physical access to a computer, and if you can boot it in safe mode - or from a live CD - or if you can move the hard drive to another box, then the computer is not safe from you. (If the partitions on the hard drives are encrypted, you may not be able to decipher any data though.)

But that doesn't mean that you should heedlessly surf the Net as root or as a sudoer with overly broad rights.



P.S. I don't think "rm -rf /" will work whether you run it with sudo or not - or even as root - but at the moment I'm not crazy enough to test it on my working system....
« Last Edit: January 19, 2012, 03:54:23 PM by Bald Brick »
Feed the trolls!
They need it!

AMD Athlon 7450 Dual-Core Processor, 7.80 GiB RAM, Nvidia GeForce GT 120/PCIe/SSE2, OpenGL/ES-version: 3.3 0 NVIDIA 295.40, SBx00 Azalia (Intel HDA) soundcard, Logitech B500 webcam, SAA7146 DVB card, HDDs: Seagate 250824AS, Western Digital WD10EAVS-00D

Online Rudge

  • Hero Member
  • *****
  • Posts: 9690
  • I'm Just A Dog.
Re: Death of Sudoers ?
« Reply #65 on: January 19, 2012, 03:57:59 PM »
It seems like the bottom line to the objections to sudo is that its use could make my computer less secure?

Well something along those lines has been on my mind for awhile:

The boot menu has a few options and if I arrow down to failsafe and boot into the console and type startx, I move to a familiar place.  I can then start network connection, open synaptic and install/remove/update.  I can open a terminal type su and I am root doing whatever I want as root.  I don't know anything about installing a rootkit, and I would not want to type something like "sudo rm -rf /" - but I could.  And the whole time I was never asked for any password - not even user.

I didn't realize that anything was less secure than doing this.



If you were logged in as root, why would you use the "sudo" command without the -u option?  ???
« Last Edit: January 19, 2012, 04:02:56 PM by Rudge »


-If you wish to make an apple pie from scratch, you must first invent the universe-  Carl Sagan

Online Old-Polack

  • Administrator
  • Super Villain
  • *****
  • Posts: 11583
  • ----IOFLU----
Re: Death of Sudoers ?
« Reply #66 on: January 19, 2012, 04:13:43 PM »
It seems like the bottom line to the objections to sudo is that its use could make my computer less secure?

Well something along those lines has been on my mind for awhile:

The boot menu has a few options and if I arrow down to failsafe and boot into the console and type startx, I move to a familiar place.  I can then start network connection, open synaptic and install/remove/update.  I can open a terminal type su and I am root doing whatever I want as root.  I don't know anything about installing a rootkit, and I would not want to type something like "sudo rm -rf /" - but I could.  And the whole time I was never asked for any password - not even user.

I didn't realize that anything was less secure than doing this.



If you were logged in as root, why would you use the "sudo" command without the -u option?  ???

If logged in as root, why use sudo at all?  ???
Old-Polack

Of what use be there for joy, if not for the sharing thereof?



Lest we forget...

Online Rudge

  • Hero Member
  • *****
  • Posts: 9690
  • I'm Just A Dog.
Re: Death of Sudoers ?
« Reply #67 on: January 19, 2012, 04:27:20 PM »
It seems like the bottom line to the objections to sudo is that its use could make my computer less secure?

Well something along those lines has been on my mind for awhile:

The boot menu has a few options and if I arrow down to failsafe and boot into the console and type startx, I move to a familiar place.  I can then start network connection, open synaptic and install/remove/update.  I can open a terminal type su and I am root doing whatever I want as root.  I don't know anything about installing a rootkit, and I would not want to type something like "sudo rm -rf /" - but I could.  And the whole time I was never asked for any password - not even user.

I didn't realize that anything was less secure than doing this.



If you were logged in as root, why would you use the "sudo" command without the -u option?  ???

If logged in as root, why use sudo at all?  ???

Well, you could create files with limited permissions. It's a bit easier than creating them and then changing the permissions  ???

It's a "reach", I know.  ;D


-If you wish to make an apple pie from scratch, you must first invent the universe-  Carl Sagan

Offline MtnMan

  • Sr. Member
  • ****
  • Posts: 258
  • Aged to perfection
Re: Death of Sudoers ?
« Reply #68 on: January 19, 2012, 04:28:25 PM »
If you were logged in as root, why would you use the "sudo" command without the -u option?  ???

You are paying attention - I just copied a line from Archie's post without care.

It seems like the bottom line to the objections to sudo is that its use could make my computer less secure?

Well something along those lines has been on my mind for awhile:

The boot menu has a few options and if I arrow down to failsafe and boot into the console and type startx, I move to a familiar place.  I can then start network connection, open synaptic and install/remove/update.  I can open a terminal type su and I am root doing whatever I want as root.  I don't know anything about installing a rootkit, and I would not want to type something like "sudo rm -rf /" - but I could.  And the whole time I was never asked for any password - not even user.

I didn't realize that anything was less secure than doing this.



Well, your starting the network connection in safe mode, i.e. as root - that was certainly less than prudent.  ;D

And this, I suppose is the main point. If you have physical access to a computer, and if you can boot it in safe mode - or from a live CD - or if you can move the hard drive to another box, then the computer is not safe from you. (If the partitions on the hard drives are encrypted, you may not be able to decipher any data though.)

But that doesn't mean that you should heedlessly surf the Net as root or as a sudoer with overly broad rights.




P.S. I don't think "rm -rf /" will work whether you run it with sudo or not - or even as root - but at the moment I'm not crazy enough to test it on my working system....


Jeesh this is not something I do.

Sorry guys - I didn't express properly.  The only point was that anyone with Linux knowledge has full root access to my machine - yes they have to have physical presence (I assume).  I have the W os on a machine and I have no idea how someone could log on as an administrator like this.  I certainly have not stumbled upon that so easily.
I worry that the person who thought up Muzak may be thinking up something else. - Lily Tomlin

Online Rudge

  • Hero Member
  • *****
  • Posts: 9690
  • I'm Just A Dog.
Re: Death of Sudoers ?
« Reply #69 on: January 19, 2012, 04:35:24 PM »
If you were logged in as root, why would you use the "sudo" command without the -u option?  ???

You are paying attention - I just copied a line from Archie's post without care.

It seems like the bottom line to the objections to sudo is that its use could make my computer less secure?

Well something along those lines has been on my mind for awhile:

The boot menu has a few options and if I arrow down to failsafe and boot into the console and type startx, I move to a familiar place.  I can then start network connection, open synaptic and install/remove/update.  I can open a terminal type su and I am root doing whatever I want as root.  I don't know anything about installing a rootkit, and I would not want to type something like "sudo rm -rf /" - but I could.  And the whole time I was never asked for any password - not even user.

I didn't realize that anything was less secure than doing this.



Well, your starting the network connection in safe mode, i.e. as root - that was certainly less than prudent.  ;D

And this, I suppose is the main point. If you have physical access to a computer, and if you can boot it in safe mode - or from a live CD - or if you can move the hard drive to another box, then the computer is not safe from you. (If the partitions on the hard drives are encrypted, you may not be able to decipher any data though.)

But that doesn't mean that you should heedlessly surf the Net as root or as a sudoer with overly broad rights.




P.S. I don't think "rm -rf /" will work whether you run it with sudo or not - or even as root - but at the moment I'm not crazy enough to test it on my working system....


Jeesh this is not something I do.

Sorry guys - I didn't express properly.  The only point was that anyone with Linux knowledge has full root access to my machine - yes they have to have physical presence (I assume).  I have the W os on a machine and I have no idea how someone could log on as an administrator like this.  I certainly have not stumbled upon that so easily.

I think a discussion about "W's" security vs Linux is, first of all, a dead horse but more importantly has nothing to do with "sudo".  ;)  
« Last Edit: January 19, 2012, 04:37:29 PM by Rudge »


-If you wish to make an apple pie from scratch, you must first invent the universe-  Carl Sagan

Offline MtnMan

  • Sr. Member
  • ****
  • Posts: 258
  • Aged to perfection
Re: Death of Sudoers ?
« Reply #70 on: January 19, 2012, 05:21:43 PM »
I think a discussion about "W's" security vs Linux is, first of all, a dead horse but more importantly has nothing to do with "sudo".  ;) 

You are correct and I will never say I am unhappy with Linux v W in that respect.  I would feel more comfortable if that safemode required some kind of password though. ;)
I worry that the person who thought up Muzak may be thinking up something else. - Lily Tomlin

Offline kjpetrie

  • PCLinuxOS Tester
  • Hero Member
  • *******
  • Posts: 3992
Re: Death of Sudoers ?
« Reply #71 on: January 19, 2012, 06:10:03 PM »
The whole point of single user mode (safe mode) is that you don't need a password. Its purpose is to repair a machine whose password validation is broken or which has some other drastic fault. It's a dreadful environment to work in as you have only one screen and that's text-only. If you manage to start X you will still be in a seriously limited environment.

Anyone who has physical access to the machine can always get access. They can take it apart or boot it from a livecd. They can reset any BIOS password. They can do anything. Having a menu entry which doesn't need a password just makes it quicker. If you don't like that, edit /boot/grub/menu.lst and remove it. You can always open another menu entry for editing and put a 1 on the end of the line anyway!

When we speak of security we usually mean online security. I can see the problem however in, say, a family or school setting. You don't give a delinquent teenager the root password, so he reboots into single user and resets it to something only he knows and suddenly he can do anything and you can't  - at least until you repeat his trick.

You would probably need to disable the pword command in such a setting, or configure grub so it can't be edited on the fly if that's possible.
-----------
KJP
-----------------------------------------------------------
PClos64 RC1 on Intel D945GCLF2 motherboard (Atom 330), 2GB DDR2 RAM, Maxtor STM325031, HL-DT-ST DVDRAM GSA-H42N, Amilo LSL 3220T monitor. Also Acer 5810TG (with custom kernel) and Asus eeePC 2G surf

Offline AS

  • Hero Member
  • *****
  • Posts: 4111
  • Have a nice ... night!
Re: Death of Sudoers ?
« Reply #72 on: January 19, 2012, 06:17:06 PM »
EDIT: kjpetrie has been faster  ;)

I think a discussion about "W's" security vs Linux is, first of all, a dead horse but more importantly has nothing to do with "sudo".  ;) 

You are correct and I will never say I am unhappy with Linux v W in that respect.  I would feel more comfortable if that safemode required some kind of password though. ;)

You can overcome the password request and access the HD disk content simply using a LiveCD or a LiveUSB, being a Linux or Windows machine. Therefore the Windows always required password, even when booting in safe mode, can be bypassed very easily. The only real protection could come from an encrypted disk.

Also, you can modify a single entry in /etc/inittab and your system will require the password when booting in safe-mode:
from:
Quote
# Single user mode
~~:S:wait:/bin/sh
to:
Quote
# Single user mode
~~:S:respawn:/sbin/mingetty /dev/console

AS
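
The two boot-time settings raised in the posts by kjpetrie and AS above (the single-user line in /etc/inittab and on-the-fly editing of GRUB's menu.lst) can be audited with a short script. This is an added example, not code from the thread; the sample file contents are constructed, the menu check relies on GRUB legacy's `password` and `lock` directives, and treating `failsafe` as the kernel argument of the failsafe entry is an assumption.

```sh
#!/bin/sh
# Added example, not from the thread. All file contents are constructed samples.

# inittab fields are id:runlevels:action:process. Print OPEN when the
# single-user (S) entry starts a bare shell, PASSWORD when it starts a
# getty or sulogin, NONE when no S entry exists.
check_inittab() {
    awk -F: '
    /^[ \t]*#/ { next }
    $2 == "S" {
        found = 1
        if ($4 ~ /getty|sulogin/) print "PASSWORD"; else print "OPEN"
        exit
    }
    END { if (!found) print "NONE" }' "$1"
}

# GRUB legacy menu.lst. A "password" line before the first "title" blocks
# on-the-fly editing; "lock" (or "password") inside an entry protects that
# entry. Prints one UNLOCKED line per unprotected single-user style entry,
# then whether the global password is set.
# Assumption: "failsafe" as a kernel argument marks the failsafe entry.
check_menu_lst() {
    awk '
    function report() {
        if (title != "" && single && !locked) print "UNLOCKED " title
    }
    /^[ \t]*#/ { next }
    $1 == "title" {
        report(); seen = 1; single = 0; locked = 0
        title = $0; sub(/^[ \t]*title[ \t]+/, "", title); next
    }
    $1 == "password" && !seen { global = 1 }
    ($1 == "lock" || $1 == "password") && seen { locked = 1 }
    $1 == "kernel" {
        for (i = 3; i <= NF; i++)
            if ($i ~ /^(1|S|s|single|failsafe)$/) single = 1
    }
    END { report(); print "GLOBAL_PASSWORD " (global ? "yes" : "no") }' "$1"
}

# Run both checks over constructed files in a temporary directory.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# Single user mode' '~~:S:wait:/bin/sh' > "$d/inittab.before"
    printf '%s\n' '# Single user mode' \
        '~~:S:respawn:/sbin/mingetty /dev/console' > "$d/inittab.after"
    cat > "$d/menu.lst" <<'EOF'
timeout 10
title linux
kernel (hd0,0)/boot/vmlinuz root=/dev/sda1
title failsafe
kernel (hd0,0)/boot/vmlinuz root=/dev/sda1 failsafe
EOF
    echo "inittab before: $(check_inittab "$d/inittab.before")"
    echo "inittab after:  $(check_inittab "$d/inittab.after")"
    check_menu_lst "$d/menu.lst"
    rm -rf "$d"
}
demo
```

Neither setting stops someone who can boot a LiveCD or move the disk, as both posts point out; the checks only cover the password-free menu path.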

Offline AS

  • Hero Member
  • *****
  • Posts: 4111
  • Have a nice ... night!
Re: Death of Sudoers ?
« Reply #73 on: January 19, 2012, 07:38:12 PM »
P.S. I don't think "rm -rf /" will work whether you run it with sudo or not - or even as root - but at the moment I'm not crazy enough to test it on my working system....

I am!  :D ;D and you are correct! ;)

Quote
# rm -rfv /
rm: it is dangerous to operate recursively on `/'
rm: use --no-preserve-root to override this failsafe

let's see this one (option -v added for more fun):
Quote
[root@localhost ~]# rm -rfv --no-preserve-root /
...
...
rm: cannot remove `/sys/module/snd_usb_audio/sections/.rodata.str1.4': Operation not permitted
rm: cannot remove `/sys/module/snd_usb_audio/sections/.altinstructions': Operation not permitted
rm: cannot remove `/sys/module/snd_usb_audio/sections/__param': Operation not permitted
rm: cannot remove `/sys/module/snd_usb_audio/sections/__mcount_loc': Operation not permitted
rm: cannot remove `/sys/module/snd_usb_audio/sections/.smp_locks': Operation not permitted
rm: cannot remove `/sys/module/snd_usb_audio/sections/.data': Operation not permitted
rm: cannot remove `/sys/module/snd_usb_audio/sections/.gnu.linkonce.this_module': Operation not permitted
rm: cannot remove `/sys/module/snd_usb_audio/sections/.bss': Operation not permitted
rm: cannot remove `/sys/module/snd_usb_audio/sections/.symtab': Operation not permitted
rm: cannot remove `/sys/module/snd_usb_audio/sections/.strtab': Operation not permitted
rm: cannot remove `/sys/module/snd_usb_audio/notes/.note.gnu.build-id': Operation not permitted
rm: cannot remove `/sys/module/snd_usb_audio/drivers/usb:snd-usb-audio': Operation not permitted
rm: cannot remove `/sys/block/ram0': Operation not permitted
rm: cannot remove `/sys/block/ram1': Operation not permitted
rm: cannot remove `/sys/block/ram2': Operation not permitted
rm: cannot remove `/sys/block/ram3': Operation not permitted
rm: cannot remove `/sys/block/ram4': Operation not permitted
rm: cannot remove `/sys/block/ram5': Operation not permitted
rm: cannot remove `/sys/block/ram6': Operation not permitted
rm: cannot remove `/sys/block/ram7': Operation not permitted
rm: cannot remove `/sys/block/ram8': Operation not permitted
rm: cannot remove `/sys/block/ram9': Operation not permitted
rm: cannot remove `/sys/block/ram10': Operation not permitted
rm: cannot remove `/sys/block/ram11': Operation not permitted
rm: cannot remove `/sys/block/ram12': Operation not permitted
rm: cannot remove `/sys/block/ram13': Operation not permitted
rm: cannot remove `/sys/block/ram14': Operation not permitted
rm: cannot remove `/sys/block/ram15': Operation not permitted
rm: cannot remove `/sys/block/sda': Operation not permitted
rm: cannot remove `/sys/block/sr0': Operation not permitted
removed directory: `/lost+found'
[root@localhost ~]#

I still have a prompt ...
Quote
[root@localhost ~]# ls
-bash: ls: command not found
[root@localhost ~]#
... of course, /bin/ls has been removed ...

let's see my home-made bash built-in ls:
Quote
[root@localhost ~]# set *
[root@localhost ~]# echo $*
*
[root@localhost ~]#

what remained ?
Quote
[root@localhost /]# cd /
[root@localhost /]# set *
[root@localhost /]# echo $*
dev home proc sys
[root@localhost /]#
see ? something still exists ...

Have fun!  :D :D :D

AS

Offline Just17

  • PCLinuxOS Tester
  • Super Villain
  • *******
  • Posts: 10654
  • MLUs Forever!
Re: Death of Sudoers ?
« Reply #74 on: January 19, 2012, 07:43:21 PM »
crazy is correct!

:D ;D :D
MLUs rule the roost!

Linux XPS 3.4.38-pclos1.bfs  64 bit
Intel Core2 Quad CPU Q9450 @ 2.66GHz
4 GB RAM
MCP51 High Def Audio
GeForce GTX 550 Ti
PHILIPS  DVD+-RW DVD8701
Logitech BT Mini-Receiver
Afatech DTT