[HanoiLUG] Ubuntu-sudo usage..

Steve steve at hivemind.net
Thu Jan 4 13:17:30 ICT 2007


david wrote:
> I've never done a 'vanilla' Ubuntu install, so I'm not sure, but I think
> that maybe the idea is that if you don't set a root password during the
> install, it won't prompt you for one when you 'sudo' from the normal
> account.  Someone can correct me if I'm wrong.  If so, I think that they
> are halfway onto the right idea.

Not at all!  Sudo requests the user's password before elevating the
user's permissions - there is no separate password for the root user,
and the root user is disabled, so dictionary attacks on the root user
will fail.

> In the old days, an unauthorized user as root could steal/destroy the
> data of all users, as well as bring the system down, but as an
> unprivileged user, could only steal/destroy that one user's data.  But
> now, there only *is* one user.

Not sure what you mean?  Linux is still just as much a multi-user
system as it ever was.  The difference is that sudo allows individual
users to gain elevated permissions without having to share a password
among everybody.  Note also that sudo's permissions can be very finely
tuned - you can grant one user permission to run one command only if you
so wish.


> Personally, I always set a root password, and add an entry to
> /etc/sudoers that allows my 'private' ID to sudo to anything, like:
> my_user ALL=NOPASSWD: ALL
> and I have an alias in my .bashrc:
> alias su="sudo su -"
> Then I disable all of their 'security' features like disallowing root
> login from gdm, from ssh, etc. (but I take an additional precaution of
> disallowing root login via password in ssh, only via PK, and have sshd
> use a non-default port).

No offense (really) but this does not sound like good security to me.
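
Added example, not part of the original email thread: a small Python audit that reads sudoers user specifications and reports, for each grant, whether it covers any command or only a listed one, and whether sudo asks for a password. It assumes one specification per line with no aliases or line continuations; the sample file and the `backup` user are constructed, and only the `my_user` line is taken from the message above.

```python
import re

# Constructed sample; only the my_user line comes from the thread above.
SAMPLE = """\
# /etc/sudoers (constructed sample)
Defaults env_reset
%admin   ALL=(ALL) ALL
my_user  ALL=NOPASSWD: ALL
backup   ALL=(root) NOPASSWD: /usr/bin/rsync
"""

# who  hosts = [(runas)] [TAG:] command[, command ...]
SPEC = re.compile(r"^(?P<who>\S+)\s+(?P<hosts>[^=]+?)\s*=\s*"
                  r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<rest>.+)$")
TAG = re.compile(r"^(?P<tag>[A-Z_]+):\s*")


def parse_commands(rest):
    """Yield (command, nopasswd); a tag stays in force for later commands."""
    nopasswd = False
    for item in rest.split(","):
        item = item.strip()
        while (m := TAG.match(item)):
            if m["tag"] in ("NOPASSWD", "PASSWD"):
                nopasswd = m["tag"] == "NOPASSWD"
            item = item[m.end():]
        yield item, nopasswd


def audit(sudoers_text):
    """Return (who, command, summary) for every grant in the text."""
    findings = []
    for line in sudoers_text.splitlines():
        line = line.strip()
        if (not line or line.startswith("#") or line.startswith("Defaults")
                or line.split()[0].endswith("_Alias")):
            continue
        m = SPEC.match(line)
        if not m:
            continue
        for cmd, nopasswd in parse_commands(m["rest"]):
            scope = "any command" if cmd == "ALL" else "listed command only"
            auth = "no password" if nopasswd else "password required"
            findings.append((m["who"], cmd, f"{scope}, {auth}"))
    return findings


if __name__ == "__main__":
    for who, cmd, summary in audit(SAMPLE):
        print(f"{who:10} {cmd:16} {summary}")
```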

