root user

[Liam Proven]

On 1 January 2012 18:33, doug <dmcgarrett at optonline.net> wrote:
> On 01/01/2012 11:45 AM, Smoot Carl-Mitchell wrote:
>>
>> On Sun, 2012-01-01 at 11:05 -0500, AV3 wrote:
>>>
>>> On Jan/1/2012 6:5435 AM, Earthson wrote:
>>>>
>>>> root is disabled, and it does not have a passwd. if you really want to
>>>> use "root", just set a passwd for it.
>>>>
>>>> command:
>>>>
>>>
>>> You can do this, but it is not a good idea. The major security advantage
>>> of Unix OS's over Windows is afforded by their disabled root accounts
>>> inaccessible to outside intruders. Keep it that way, unless you have a
>>> truly compelling reason to risk your root account's security for.
>>
>> Very few attacks on Unix/Linux systems try and guess the root password.
>> Most attacks take advantage of known flaws in processes running with
>> root privileges. With a strong password it is nearly impossible to guess
>> the root password. So from a security standpoint having a password on
>> the root account is not opening up a lot of risk.  Since using "su -" on
>> a host with a root password or "sudo -i" on a host with a locked root
>> account are functionally equivalent, why have a password on root which
>> you need to remember?
>>
>> On the other hand logging in as root (or sudo -i to root) and doing all
>> your work as root is risky, since every program you run is at an
>> elevated privilege.  If you download a program or execute an email
>> attachment as root, then all security bets are off.  This BTW was the
>> major attack vector for viruses and worms into Windows systems before
>> they introduced a degree of privilege separation.  sudo is a nice tool
>> which makes you aware of the programs you want to run with root
>> privileges. In my view it keeps you from doing really dumb things.
>>
> I'm trying to learn something here:  as I understand it, sudo
> gives you root privileges,

No, not quite.

> so what's the difference between
> su (password) and sudo (password)

"Su" stands for "super user". That means "root", normally, on Unix.

The "sudo" command means "superuser do" - in other words, do *one
command* as the superuser. So you type:

sudo cp /etc/fstab /etc/fstab.bak

... and it runs *that one command* as the superuser.

To do this, you need to supply /your own password/ and your account
needs to be in a group that permits you to do "sudo".

There is a handy loophole, though: if the thing that you do is run a
shell, then that shell runs as root and you can effectively become
root and run commands as root. That is what "sudo bash" does, and
because it's useful, there is a shortcut: "sudo -s", meaning, do the
action of opening a shell as the superuser.

The "su" command is completely different. It allows you to /become/
the superuser. When you type "su", you need to supply *root's*
password and then you become root until you end the session with
ctrl-D or "logout". *Your* password has nothing to do with it.

When you "su", you get a new shell. You can't run one command.

So "su" and "sudo" are totally different and do totally different
things. The correct comparison is between "su" and "sudo -s". They do
the same thing, but with one big difference: for "su", you need an
active root account and you need to know its password. For "sudo -s"
you need *your own* password and root can be left disabled.





-- 
Liam Proven • Profile: http://lproven.livejournal.com/profile
Email: lproven at cix.co.uk • GMail/G+/Twitter/Flickr/Facebook: lproven
MSN: lproven at hotmail.com • Skype/AIM/Yahoo/LinkedIn: liamproven
Tel: +44 20-8685-0498 • Cell: +44 7939-087884