set up a root password
joelol75 at verizon.net
Fri Aug 8 18:05:37 UTC 2008
> On Tuesday 05 August 2008 19:16:46 Jerry Gaiser wrote:
>> One of the first things *I* do is give root a password.
> Could someone who uses a root account give an actual example of where it is
> advantageous in comparision to using sudo?
> Is it just down to keystrokes or is there another reason.
> Just out of curiosity, what does sudo stand for? I have always assumed it was
> from "SuperUser do" but could it be from "Switch User (substitute user) do"
Well, I for one set up a root account (By choice)
OK, redirection is borked using sudo.
Ok, lets say perhaps you want to backup your menu.lst file in /boot/grub
$ cd /boot/grub
$ sudo cat menu.lst > menu.lst.bak
(I know, you could just use sudo cp menu.lst menu.lst.bak but my example
Or, you want to add another nameserver to your /etc/resolv.conf file
$ cd /etc
$ sudo echo "nameserver 192.168.1.1" >> resolv.conf
Fails as well.... OK so you can just sudo nano resolv.conf and add it
and then save it, but again for the example....
Now, I know redirection doesn't work, but unfortunately many bash
scripters who assume you will run their script under root don't and I've
wasted many hours of trying to live with sudo and no root password
beating my head off walls and having to sudo -i that you just start
running sudo -i off the bat.......
And for people who believe having a root password is a huge security
risk, how about having a user with just as much power...
What I'm trying to say is I feel it is alot more secure to remove admin
and sudo privileges from the user and set up a root password, then as
suggested edit the /etc/ssh/sshd_config file and remove root logins and
change the port to anything other than default.... and install fail2ban
and set it up to thwart script kiddies.
Hopefully they waste all their time trying to logon as root, because it
is just as secure as having no root password from the outside.
From the inside of the network there is more of threat, but I've seen
cleartext user passwords in scripts to start services at one time... And
playing in a terminal with malicious scripts that have "sudo -rf /etc/*"
in them, that you run as a regular user soon after using sudo, will run
without asking you for the password within the timeout period (Just an
example, nobody runs bad scripts)
Plus it kinda gets like Windows Vistas UAC where inexperienced users
'just click through anything' without paying attention. I think the
/etc/sudoers file should NOT have %admin ALL=(ALL) ALL in it. I am a
huge supporter of sudo actually (For the GUI stuff, synaptic, what have
you) but the sudoers file should ONLY allow things on a case by case
basis and not have godlike power... The Ubuntu way reminds me of MacOSX
and Windows Vista where a regular user has root power by clicking a
button or just typing a password. I want my UNIX/linux the way it was
in the beginning... Regular users and root, with using chmod, chown and
setting groups as needed, security can be improved massively compared to
a stock Ubuntu install... I can see WHY they did this, as it's for
linux newbies as well and they want everything to "Work easily, right
out of the box." Many newbies would be turned off if Ubuntu was set
really secure... And secure means secure from the user as well.
strace -oping.out ping google.com
Well all in all I feel that having a root password and having a single
superuser and stripping the regular user of sudo privilege works better
for me... In a larger environment where many admins work on a single
computer; yes, sudo is a better alternative for logging and more
granularity of privilege.
And for those that feel the Ubuntu way is much safer or more secure
because of a lack of root, why don't they enable selinux out of the
box? Why is AppArmour not really doing anything by default? No extended
ACL's, and improper sudo use is also default... Fixing this would surely
make more of a difference for arguments sake than worrying about a root
Setting up chroot jails around insecure applications is another
important step. Like all software, OSS software has bugs. Any many
programs are very complex and constantly are found to have privilege
escalation exploits. Samba is one.... If you have all linux computers,
why use it? NFS works just as well and has (in the past anyway) far
fewer security problems. PHP and drupal (Isn't all input improperly
"sanitized") and distros setting many programs setuid are asking for
problems.... Sure, you can stay updated and firewalled the best you can,
but assume that all software can and will be breached! Not design your
security around this fact to minimize damage and 'surface area' Many
programs don't need all the privileges they run with so use THE BARE
MINIMUM needed to get the job done and sandbox and firewall the hell out
of the more accessible ones [Apache (CGI scripts), bind9, Samba, NFS,
FTP, P2P software, SSH]
Don't assume firewalls will stop exploits, they are just another tool
(Yes important...) see http://jerichoforum.org for more on
de-perimeterization of firewalls. Back in the old days, to keep people
of the internet in your corporation, just simple blocking of port 80 and
443 would do the trick.... Now anyone can setup a simple proxy at home
and surf the web... Or vnc, or vpn's... The firewall boundary is
fading... Set up your network assuming there is NO firewall and protect
your services and data the best you can, THEN use a hardware firewall
forwarding only the ports you need through (Not jabbing your server in a
DMZ), then setup a software firewall (iptables) doing the same; but
don't put all your eggs into the firewall basket assuming it will stop
all attacks.... And by-god turn off upnp automatic port-forwards in the
Back on my hatred of setuid programs.. POSIX file attributes are a
better way than running as root. The ping command is a good example.
All you need to do is grant it access to rawsockets (POSIX code 13) and
you don't need to run ping as root. Of course there is probably no
exploit in ping, but why does it need GOD power.... Adding POSIX file
capabilities in the kernel allows you to run most programs (like ping)
that need root power as a regular user and NOT using setuid by granting
them the specific power they need without giving them FULL root. Ping
only needs the power to access rawsockets, but Ubuntu gives the ping
program the power to delete the entire /etc directory without needing
sudo.... Scary ain't it...
OK, going way off topic... But if you want a root account go for it!
There's more important security problems to worry about!
More information about the kubuntu-users