sudo versus #
KAYVEN RIESE
kayve at sfsu.edu
Wed Feb 10 23:13:46 UTC 2010
On Wed, 10 Feb 2010, Johnneylee Rollins wrote:
> On Wed, Feb 10, 2010 at 12:00 PM, KAYVEN RIESE <kayve at sfsu.edu> wrote:
>>
>> It's my understanding that the sudo command basically executes the
>> subsequent command as superuser. I fail to see the difference between
>> having a # prompt logged into superuser and sudo, other than ensuring that
>> you don't make mistakes, unless having the terminal open can allow
>> attackers to infiltrate the system? I have been using command line unix
>> for a long time. I don't make mistakes. What is the real implications of
>> sudo?
>>
>> Also, I notice that when Ubuntu gives me those update dialog boxes my root
>> password doesn't work to allow the installation to go forward. This makes
>> me irritated, because it instead wants my normal user password, which for
>> me by design is a weaker password that I use for more things and thus
>> could be more easily cracked. My root password is longer and I use it for
>> less things. Both are immune to dictionary attack, but it bothers me the
>> way this subverts my configuration.
>
> Hope this helps. If you need more information, please do let us know.
> https://help.ubuntu.com/community/RootSudo
somebody told me to do "sudo passwd" so I did. As I explained, I DID set
a root passwd, so this:
[::clip RootSudo ::]
Every cracker trying to brute-force their way into your box will know it
has an account named root and will try that first. What they don't know is
what the usernames of your other users are. Since the root account
password is locked, this attack becomes essentially meaningless, since
there is no password to crack or guess in the first place.
[::end clip::]
Well.. OK. I am subverting this by creating a root passwd? However, if
they crack my username (which shouldn't be that difficult, that isn't
encrypted) AND my weaker user passwd then they crack my sudo anyway? As I
have explained, my root passwd is stronger and I am more careful with it..
so basically I think I was aware of this at least intuitively, and it
seems meaningless to me.
[:: RootSudo clip ::]
sudo adds a log entry of the command(s) run (in /var/log/auth.log). If you
mess up, you can always go back and see what commands were run. It is also
nice for auditing.
[:: end clip ::]
Nice to know, and I should probably start doing the logs I have been doing
in /var/log instead of /root/apt-get like I have been doing? Again, it
seems to me I can float my boat and do it my own way. Realizing I have
logs in /root/apt-get is better than not realizing the /var/log/auth.log
exists.
I'm basically looking for justification that using sudo is not essential
and it should be OK for me to carry on the way I have been doing it.
> > ~SpaceGhost >
>>
>> --
>> ubuntu-users mailing list
>> ubuntu-users at lists.ubuntu.com
>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>>
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
*----------------------------------------------------------*
Kayven Riese, BSCS, MS (Physiology and Biophysics)
(415) 902 5513 cellular
http://kayve.net
Webmaster http://ChessYoga.org
*----------------------------------------------------------*
More information about the ubuntu-users
mailing list