[HanoiLUG] Ubuntu-sudo usage..
Steve
steve at hivemind.net
Thu Jan 4 17:46:14 ICT 2007
> >
> > >In the old days, an unauthorized user as root could steal/destroy the
> > >data of all users, as well as bring the system down, but as an
> > >unprivileged user, could only steal/destroy that one user's data. But
> > >now, there only *is* one user.
> > Not sure what you mean? Linux is still just as much a multi-user
> > system as it ever was. The difference is that sudo allows individual
> > users to gain elevated permissions without having to share a password
> > among everybody. Note also that sudo's permissions can be very finely
> > tuned - you can grant one user permission to run one command only if you
> > so wish.
>
Le Xuan Thao <thaolx at gmail.com> wrote:
> What he meant is that when you are the only user of the system then
> system files do not matter as much as in multi-user systems. Your
> personal files are much more important. If your account is compromised,
> it's end of story, while in multi-user systems other users can still
> work normally as long as the attacker does not have root privilege. So
> in one-user system su or sudo could be considered as warning when you
> try to do something that might be dangerous. The "extra protection" is not
> much since there is no other user to protect. That makes sense to me.
Problem is that you only think about your own data and your own user.
Your data is probably not important to many people. (This sounds harsh,
but it is reality) Most crackers are not interested in your data, they
are interested in your resources; the computer, your Internet
connection.

The majority of compromised machines are used as jumping points to get
to bigger fish, or to send spam, or viruses, etc.

The difference between getting access as a normal user and root is that
if you get root access, you can install your own little backdoors and
apps that are used to scan the network for other vulnerabilities, or send
out spam or do whatever.

As root the cracker can install a rootkit that hides certain tools inside
existing binaries. Your machine can be set up to start services that
run in the background on boot. The cracker can basically re-configure
your machine to do whatever he/she wants it to do and even hide it from you.
This cannot be done as a normal user.

Most compromises are not reached by using a user's
password. Vulnerabilities in software running on the machine are used to
get access. So, if that software is running as root, then the cracker
immediately has root access and can set up your machine to be his/her
slave.

The more complex software is, the more chance of having vulnerabilities,
that is why you *NEVER* run a GUI desktop system as root. Desktop
software is the most complex.

You run your Desktop as a normal user and su or sudo to root when you
need to.

I normally disable root access via ssh as this just gives you another
added level of security. It just makes it that much more difficult to
get in.

On a machine that is on the internet, I normally only have one user that
is allowed ssh access.
So you have to log in as that user and then su or sudo to get to any
other user (including root). The special login user also has very
limited rights on the system.

You cannot make it impossible for someone to break into the machine, but
you can make it as difficult as possible, to discourage attacks. If it
is more difficult to get into my box than yours, then a cracker will try
to break into your machine, not mine and that is all I need.
So, make your machine more secure than the next guy.

Also note that there is always a balance. You have to balance your
security with practicality and usability.
But, don't get confused with the Microsoft version of usability that
means that any user can do anything on the machine.
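
The ssh setup described in the message above (no root login over ssh, a single account permitted to log in), written as a check over sshd_config text. This is an added example and not part of the original post; the account name `gatekeeper` and both sample configs are constructed, and `Match` blocks are only flagged, not evaluated.

```python
# Added example (not from the original post). Sample configs are constructed;
# "gatekeeper" is a hypothetical login-only account.
LIST_KEYS = {"allowusers", "denyusers", "allowgroups", "denygroups"}

def parse_global(text):
    """Parse sshd_config text up to the first Match block."""
    opts, has_match = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = line.split()
        key = key.lower()
        if key == "match":
            has_match = True
            break
        if key in LIST_KEYS:
            opts.setdefault(key, []).extend(args)   # repeated lines accumulate
        else:
            opts.setdefault(key, args)              # first value seen wins
    return opts, has_match

def audit(text):
    """Return a list of findings; an empty list means both settings hold."""
    opts, has_match = parse_global(text)
    findings = []
    # An unset value is reported too: the built-in default varies by version.
    root = (opts.get("permitrootlogin") or ["<unset>"])[0].lower()
    if root != "no":
        findings.append(f"PermitRootLogin is {root}, expected no")
    users = opts.get("allowusers", [])
    if not users:
        findings.append("AllowUsers not set: ssh is not limited to one account")
    elif len(users) > 1 or any(c in users[0] for c in "*?"):
        findings.append(f"AllowUsers admits more than one account: {users}")
    elif users[0].split("@")[0] == "root":
        findings.append("AllowUsers names root as the ssh account")
    if has_match:
        findings.append("Match block present: review its overrides by hand")
    return findings

WEAK = "Port 22\nPermitRootLogin yes\n#AllowUsers gatekeeper\n"
HARDENED = "Port 22\nPermitRootLogin no\nAllowUsers gatekeeper\n"

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "ok")
```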