Overclock.net › Forums › Software, Programming and Coding › Operating Systems › Linux, Unix › Sudo makes me feel stupid some times...
New Posts  All Forums:Forum Nav:

Sudo makes me feel stupid some times... - Page 2

post #11 of 43
Quote:
Originally Posted by ch_123 View Post
A few reasons -

1) Prevents someone getting root access on your machine if you happen to leave it unlocked.
2) Forces you to think about what is going on. With the Windows UAC, it's very simple to just keep click "Yeah, please go away" without thinking about what is causing that window to come up.



Some distros lock down su by default, such as Ubuntu (I think OS X does it too). The advantage of sudo is that you cut down on situations where you forget you are logged in as root, and then do something really bad thinking that you were logged as a regular user. Of course, if you use sudo su, this is negated.
I meant to say sudo should ask for the password of whatever user you are wanting to run as rather than your own.
post #12 of 43
Quote:
Originally Posted by evermooingcow View Post
I meant to say sudo should ask for the password of whatever user you are wanting to run as rather than your own.
sorta defeats the purpose of sudo then doesn't it?
Bazinga Punk
(12 items)
 
ooh shiny!
(6 items)
 
 
CPUMotherboardGraphicsRAM
Intel Xeon 3440 AsRock P55 extreme Evga 8800 GT 512 MB Gskill Ripjaws 
Hard DriveCoolingOSMonitor
Western Digital Blue Antec Khuler 620 Ubuntu 11.10 Asus vw264H 
KeyboardPowerCaseMouse
GIGABYTE KM7600 CORSAIR TX 650 Cooler Master 590 GIGABYTE GM-M6800 
CPUMotherboardGraphicsRAM
Intel Core I5 6500 Gigabyte z170xp-SLI Nvidia 970gtx Corsair 16gb ddr4 2666mhz  
Hard DriveOS
250gb Samsung Evo 850 Windows 10 & Ubuntu 15.10 
  hide details  
Reply
Bazinga Punk
(12 items)
 
ooh shiny!
(6 items)
 
 
CPUMotherboardGraphicsRAM
Intel Xeon 3440 AsRock P55 extreme Evga 8800 GT 512 MB Gskill Ripjaws 
Hard DriveCoolingOSMonitor
Western Digital Blue Antec Khuler 620 Ubuntu 11.10 Asus vw264H 
KeyboardPowerCaseMouse
GIGABYTE KM7600 CORSAIR TX 650 Cooler Master 590 GIGABYTE GM-M6800 
CPUMotherboardGraphicsRAM
Intel Core I5 6500 Gigabyte z170xp-SLI Nvidia 970gtx Corsair 16gb ddr4 2666mhz  
Hard DriveOS
250gb Samsung Evo 850 Windows 10 & Ubuntu 15.10 
  hide details  
Reply
post #13 of 43
Quote:
Originally Posted by ch_123 View Post
A few reasons -

1) Prevents someone getting root access on your machine if you happen to leave it unlocked.
2) Forces you to think about what is going on. With the Windows UAC, it's very simple to just keep click "Yeah, please go away" without thinking about what is causing that window to come up.

Some distros lock down su by default, such as Ubuntu (I think OS X does it too). The advantage of sudo is that you cut down on situations where you forget you are logged in as root, and then do something really bad thinking that you were logged as a regular user. Of course, if you use sudo su, this is negated.
I know there are some heavy hitters out there that use sudo but I hate it. Knowing whether your running as user or root seems essential to me. Sudo negates this for convenience sake and as far as I'm concerned compromises security almost to the level of XP.

In CLI most consoles show you that you are root at the prompt. If not, I don't use them. Xapps can be setup with different themes so at a glance you know who you are. The juice ain't worth the squeeze IMHO.
NewMain
(16 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5 - 3550 Asrock Z77 Extreme4 Gigabyte GTX 760  4x2GB Corsair Vengeance 
Hard DriveOptical DriveCoolingOS
Seagate SATA 2TB x 2  Plextor PX-891SAW CM-Hyper N520 Slackware 14, Studio KUbuntu, OpenSuSe 12.3, Wi... 
MonitorKeyboardPowerCase
32" Vizio HDTV + DLP Logitech Wireless Corsair HX-850 Antec Sonata I 
MouseMouse PadAudioOther
Razer DeathAdder 2013 dual ESI Juli@ CoolGear ExtSata Enclosure w/ Optical and 3TB S... 
  hide details  
Reply
NewMain
(16 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5 - 3550 Asrock Z77 Extreme4 Gigabyte GTX 760  4x2GB Corsair Vengeance 
Hard DriveOptical DriveCoolingOS
Seagate SATA 2TB x 2  Plextor PX-891SAW CM-Hyper N520 Slackware 14, Studio KUbuntu, OpenSuSe 12.3, Wi... 
MonitorKeyboardPowerCase
32" Vizio HDTV + DLP Logitech Wireless Corsair HX-850 Antec Sonata I 
MouseMouse PadAudioOther
Razer DeathAdder 2013 dual ESI Juli@ CoolGear ExtSata Enclosure w/ Optical and 3TB S... 
  hide details  
Reply
post #14 of 43
I actually don't use sudo much either. I use it on my laptop so that I can run shutdown and hibernate without a password.

Quote:
Originally Posted by transhour View Post
sorta defeats the purpose of sudo then doesn't it?
If you're allowing passwd and visudo through sudo as above isn't it the same as giving out your root password?
post #15 of 43
Thread Starter 
i basically really only use sudo if im doing ONE command that needs root permission... otherwise if i really need root permission i su but with debian distros locking down the root account with a random password by default... its kinda cool there is a few fixes to use your sudo account to basically hack your root account lol

sudo su is just one i thought was funny and VERY convenient way to su that way you only really need your one user password to do admin actions on your computer instead of possibly compromising your root account by setting up a password and using it.... although it really is no different with sudo accounts being able to do so much lol

sudo passwd root is a very nice way to get around the random password that it sets for you on debian distros though
Kinda meh now...
(13 items)
 
  
CPUMotherboardGraphicsRAM
PhII 940 BE asus M4N82 Deluxe 2x 8800gts(g92) 2x 1g ocz ddr2 1066 
Hard DriveOptical DriveOSMonitor
/dev/sd[abc] /dev/sr0 WinXP/Linux 22in acer 
PowerCaseMouseMouse Pad
950w rosewill timebomb Antec 900 (2small) Voodoo Deathadder (RED!) X-Trac Pads Ripper XL 
  hide details  
Reply
Kinda meh now...
(13 items)
 
  
CPUMotherboardGraphicsRAM
PhII 940 BE asus M4N82 Deluxe 2x 8800gts(g92) 2x 1g ocz ddr2 1066 
Hard DriveOptical DriveOSMonitor
/dev/sd[abc] /dev/sr0 WinXP/Linux 22in acer 
PowerCaseMouseMouse Pad
950w rosewill timebomb Antec 900 (2small) Voodoo Deathadder (RED!) X-Trac Pads Ripper XL 
  hide details  
Reply
post #16 of 43
In sudo we trust...
po-ta-toe
(15 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i7 2600 DH67CL Radeon HD 6850 Mix-a-match 
Hard DriveHard DriveHard DriveOptical Drive
Samsung 850 EVO Western Digital Blue Western Digital Green LG Multi-write DVD-ROM 
CoolingOSMonitorKeyboard
Cooler Master Hyper 212 EVO Manjaro i3 Community Edition Samsung TV Steelseries 6Gv2 
PowerCaseMouse
No name 550kW Circle Steelseries Sensei 
  hide details  
Reply
po-ta-toe
(15 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i7 2600 DH67CL Radeon HD 6850 Mix-a-match 
Hard DriveHard DriveHard DriveOptical Drive
Samsung 850 EVO Western Digital Blue Western Digital Green LG Multi-write DVD-ROM 
CoolingOSMonitorKeyboard
Cooler Master Hyper 212 EVO Manjaro i3 Community Edition Samsung TV Steelseries 6Gv2 
PowerCaseMouse
No name 550kW Circle Steelseries Sensei 
  hide details  
Reply
post #17 of 43
Quote:
Originally Posted by evermooingcow View Post
I actually don't use sudo much either. I use it on my laptop so that I can run shutdown and hibernate without a password.


If you're allowing passwd and visudo through sudo as above isn't it the same as giving out your root password?
with how ubuntu setups sudo, the first account created is allowed full super user privileges using sudo+user password, so sudo setup initially in ubuntu is very powerful, and if you know the original user account password, you can do anything you please.

now any other additional created users, you have to add to the sudo group, and %wheel is typically the group granted full Super User privileges.

that way is only one of many ways to setup sudo.

typically if you were to deploy sudo in a large userbase, you wouldn't want everyone in the %wheel group to have full super user privilages, would totally make linux security useless.

so you would create a variety of groups, and give them different SU privileges, which you can setup in the sudoers file it /etc. you could give the wrong privilege to a user, which they could use to escalate to gain full root control over the system, which could be "damaging".

i'm like others here, i don't use sudo very often, i use to have it completely disabled, but i do find it at times faster to issue a single command thru sudo, so incase i forget to exit out of su, and some one comes along and does something "damaging" to my system.
Bazinga Punk
(12 items)
 
ooh shiny!
(6 items)
 
 
CPUMotherboardGraphicsRAM
Intel Xeon 3440 AsRock P55 extreme Evga 8800 GT 512 MB Gskill Ripjaws 
Hard DriveCoolingOSMonitor
Western Digital Blue Antec Khuler 620 Ubuntu 11.10 Asus vw264H 
KeyboardPowerCaseMouse
GIGABYTE KM7600 CORSAIR TX 650 Cooler Master 590 GIGABYTE GM-M6800 
CPUMotherboardGraphicsRAM
Intel Core I5 6500 Gigabyte z170xp-SLI Nvidia 970gtx Corsair 16gb ddr4 2666mhz  
Hard DriveOS
250gb Samsung Evo 850 Windows 10 & Ubuntu 15.10 
  hide details  
Reply
Bazinga Punk
(12 items)
 
ooh shiny!
(6 items)
 
 
CPUMotherboardGraphicsRAM
Intel Xeon 3440 AsRock P55 extreme Evga 8800 GT 512 MB Gskill Ripjaws 
Hard DriveCoolingOSMonitor
Western Digital Blue Antec Khuler 620 Ubuntu 11.10 Asus vw264H 
KeyboardPowerCaseMouse
GIGABYTE KM7600 CORSAIR TX 650 Cooler Master 590 GIGABYTE GM-M6800 
CPUMotherboardGraphicsRAM
Intel Core I5 6500 Gigabyte z170xp-SLI Nvidia 970gtx Corsair 16gb ddr4 2666mhz  
Hard DriveOS
250gb Samsung Evo 850 Windows 10 & Ubuntu 15.10 
  hide details  
Reply
post #18 of 43
Is 'sudo bla bla', in practice, any different from su -c 'bla bla'?
post #19 of 43
Could be worse, I was baffled because I couldn't get SCP access to a directory I just created. Set the permissions to 775, doublechecked for recursiveness.....until I remembered I created the directory as a superuser. Doh..
    
CPUMotherboardGraphicsRAM
Q6600 SLACR @ 3.6 GHz Asus P5E Deluxe MSI 6950 2 GB + 9800GT (PhysX) 4 GB White Lake DDR2-800 
Hard DriveOptical DriveOSMonitor
Hitachi 500 GB Sata iHas 120 Windows 7 Pro x64 u2711 (27", 2560x1440, H-IPS) 
KeyboardPowerCaseMouse
Generic Dell Combat Power 750W Aerotech PGS Bx-500 Logitech Rx300 
Mouse Pad
Desk 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Q6600 SLACR @ 3.6 GHz Asus P5E Deluxe MSI 6950 2 GB + 9800GT (PhysX) 4 GB White Lake DDR2-800 
Hard DriveOptical DriveOSMonitor
Hitachi 500 GB Sata iHas 120 Windows 7 Pro x64 u2711 (27", 2560x1440, H-IPS) 
KeyboardPowerCaseMouse
Generic Dell Combat Power 750W Aerotech PGS Bx-500 Logitech Rx300 
Mouse Pad
Desk 
  hide details  
Reply
post #20 of 43
Quote:
Originally Posted by enorbet2 View Post
Knowing whether your running as user or root seems essential to me. Sudo negates this for convenience sake and as far as I'm concerned compromises security almost to the level of XP.
Well, the whole point is that you're not running as root, unless you type in "sudo" before the command. That seems pretty unambiguous to me.

Quote:
In CLI most consoles show you that you are root at the prompt. If not, I don't use them. Xapps can be setup with different themes so at a glance you know who you are. The juice ain't worth the squeeze IMHO.
The terminals may display the fact that you are root, but it's easy enough to open up a terminal you had running in the background and enter in something without paying attention. This has happened to me on plenty of occasions (albeit not doing anything that would have damaged my system) Never trust the user to pay attention to what they're doing, even if they are competent.

Quote:
Is 'sudo bla bla', in practice, any different from su -c 'bla bla'?
It is in how you gain additional privileges. Su requires you to enter the root password, sudo requires you to enter your own password, assuming that your account has been granted access to sudo. Of course, if someone leaves a root terminal open on a computer, you can very quickly run visudo and add yourself in

On traditional Unix implementations, su requires your account to be a member of the wheel group so that you have to be authorized to become root even if you know the password. This functionality was deliberately left out of the GNU implementation of su because -

Quote:
Why GNU su does not support the `wheel' group

(This section is by Richard Stallman.)

Sometimes a few of the users try to hold total power over all the rest. For example, in 1984, a few users at the MIT AI lab decided to seize power by changing the operator password on the Twenex system and keeping it secret from everyone else. (I was able to thwart this coup and give power back to the users by patching the kernel, but I wouldn't know how to do that in Unix.)

However, occasionally the rulers do tell someone. Under the usual su mechanism, once someone learns the root password who sympathizes with the ordinary users, he or she can tell the rest. The "wheel group" feature would make this impossible, and thus cement the power of the rulers.

I'm on the side of the masses, not that of the rulers. If you are used to supporting the bosses and sysadmins in whatever they do, you might find this idea strange at first.
Remember kids, if you want a secure system, Richard Stallman thinks you are a bad person.
Edited by ch_123 - 2/20/11 at 7:06am
Daedalus
(13 items)
 
  
CPUMotherboardGraphicsRAM
Phenom II X4 955 Gigabyte MA78GM-UD2H Gainward 9600GT GS 4GB OCZ Platinum PC2-6400 
Hard DriveOSMonitorKeyboard
250GB Samsung P120S, 1TB Samsung F1 Window 7 64bit/Arch Linux Samsung 204B 20"/Dell 1701FP IBM Model F and others 
PowerCaseMouse
Corsair HX620 Lian-Li V350B Steelseries Ikari Laser 
  hide details  
Reply
Daedalus
(13 items)
 
  
CPUMotherboardGraphicsRAM
Phenom II X4 955 Gigabyte MA78GM-UD2H Gainward 9600GT GS 4GB OCZ Platinum PC2-6400 
Hard DriveOSMonitorKeyboard
250GB Samsung P120S, 1TB Samsung F1 Window 7 64bit/Arch Linux Samsung 204B 20"/Dell 1701FP IBM Model F and others 
PowerCaseMouse
Corsair HX620 Lian-Li V350B Steelseries Ikari Laser 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Linux, Unix
Overclock.net › Forums › Software, Programming and Coding › Operating Systems › Linux, Unix › Sudo makes me feel stupid some times...