SU & SUDO

Robert Parker rlp1938 at gmail.com
Sat Oct 7 15:37:17 UTC 2006


On 10/7/06, Dave <dsterken at gmail.com> wrote:
>
> That aside, you mentioned several things I was unaware of. I was not
> comparing it to the wheel group, which is a very useful tool. I agree, the
> developers obviously chose sudo for a reason or they wouldn't have woven it
> in. Locking up the Root account is good idea, but it still has a sudo
> account right, and an admin group? Isn't that like trading 1-fat cow for a
> group of fat cows? Trading Root's password, for a sudo password that has all
> the privileges of root at the user level may not gain me any security, in
> fact, it may make things less convenient but it feels like it gives me more
> control.  However, I will certainly give sudo a chance based on your
> suggestions (all very wise), I must admit though, I'm still squeamish about
> it.  :-)

I think the main consequence of this needs to be 2 users accounts. 1
with sudo privilege and the other 1 without to access the internet.
Conventional wisdom has been never to go on line as root, I should
think that that the same rule should apply here too.

Also, do be sure to use decent passwords etc, 10 chars minimum or
better yet a very long passphrase.

Bob

>
> Thanks again
>
> On 10/6/06, Daniel Pittman <daniel at rimspace.net> wrote:
> > Dave <dsterken at gmail.com> writes:
> >
> > G'day Dave.
> >
> > > You all brought up great points! The main reason I want "su"
> > > vs. "sudo" is for security. Admittedly, I do not have a deep
> > > understanding of how sudo works but I came from a FreeBSD environment
> > > and have only just started using Ubuntu recently.
> >
> > OK.  First, a hint from my years of experience with security: you will
> > generally get better security sticking with the tools the developers
> > chose than adding additional tools -- unless you understand exactly what
> > you are trading off in each direction.
> >
> > > While a lot of things are different to me, I do not understand the
> > > need to give applications in x, access to sudo.
> >
> > None of the applications, X or otherwise, have access to sudo.  *Users*,
> > and specifically users in the 'admin' group (which is equivalent in many
> > ways to the 'wheel' group from *BSD) have access to sudo.
> >
> > Those users can use sudo to run software with elevated privileges; the
> > software can take advantage of that, like it can take advantage of su,
> > but it is a property of the *user* not the application.
> >
> > > I feel that if I want to run a series of tools that require extra
> > > privileges, it is simple enough to su to root and be done with it.
> >
> > Well, in the simplest case that will not work for GUI tools as they will
> > lose a number of essential elements of X security.
> >
> > > I would however, love to hear how the security of sudo is coming
> > > along, perhaps my concerns seem silly to you guys.
> >
> > Being concerned about security is reasonable.  I still don't understand
> > exactly what your concern about sudo is though.  Can you restate it in a
> > short question or something?
> >
> >
> > Anyway, the essential trade-off with sudo vs su (and a root password) is
> > documented in the links others shot you in the thread, but comes down
> > to:
> >
> >   With traditional su, and a root password, that password is a well
> >   known point to attack.
> >
> >   By locking the root account Ubuntu gains security, because you can no
> >   longer gain access as root regardless of how well you guess.
> >
> >
> >   The cost of that is that sudo makes the password for an account in the
> >   'admin' group equivalent to the root password.
> >
> >   If you have multiple members of 'admin' then you have multiple
> >   passwords equivalent to root.
> >
> >
> > So, the trade off in security terms is that Ubuntu gains security by
> > having the root account locked -- no attack direct to root can succeed.
> >
> > There is one account, by default, which is the equivalent of root.
> >
> > This is an account that is regularly used, because it is a normal user
> > account, so the password is more likely to be changed (and remembered)
> > than a root account that is almost never used.[1]
> >
> >
> > Oh, and if you are concerned because you don't know the security history
> > of sudo, vs the core su command, feel comforted: it has a good security
> > record, and is regularly audited and updated to address new concerns as
> > they develop.
> >
> > Regards,
> >         Daniel
> >
> > Footnotes:
> > [1]  Obviously, this isn't true for everyone; some of us need root
> >      access regularly.  Those folks are likely to be the same ones who
> >      would have a secure root password, etc, etc.
> >
> > --
> > Digital Infrastructure Solutions -- making IT simple, stable and secure
> > Phone: 0401 155 707        email:
> contact at digital-infrastructure.com.au
> >                  http://digital-infrastructure.com.au/
> >
> >
> > --
> > kubuntu-users mailing list
> > kubuntu-users at lists.ubuntu.com
> > https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
> >
>
>
>
> --
> Dave Sterken
> --
> kubuntu-users mailing list
> kubuntu-users at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kubuntu-users
>
>
>


-- 
On any list, if X is the bandwidth wasted on off-topic posts, NX is
the bandwidth wasted on discussing the evils of off-topic posts where
5 <= N <= 10.




More information about the kubuntu-users mailing list