Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Root Disabled vs SUDO Disabled?

Ask for help with issues regarding the Installations of the Debian O/S.
Post Reply
Message
Author
Amandaville
Posts: 1
Joined: 2018-03-02 01:30

Root Disabled vs SUDO Disabled?

#1 Post by Amandaville »

The Debian installer gives the choice to create a root password or not. If not, the root account is disabled and sudo is enabled for the primary user account. Which choice is preferred? Is it more secure to keep the root account disabled?

Bulkley
Posts: 6383
Joined: 2006-02-11 18:35
Has thanked: 2 times
Been thanked: 39 times

Re: Root Disabled vs SUDO Disabled?

#2 Post by Bulkley »

I would always have a root password.

User avatar
GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: Root Disabled vs SUDO Disabled?

#3 Post by GarryRicketson »

I all ways set a root password. I never use "sudo", I did not know Debian had started installing sudo in a default install, I think it is Ubuntu that does that for you, but I might be wrong, never have really used it, but way back a long time ago when I tried xubuntu , that is where I saw they use sudo.
Amandaville » Is it more secure to keep the root account disabled?
I suppose , in some ways it might be, but How will you administer the system with out a root account ?
If using sudo gives you all of same permissions root has, then it is not any more secure, any user in the sudo group could do the same amount of damage, or administration.
From what I have seen on this forum, these "super user do" folks , have a lot of problems, when they do not set a root password, and then they find they do not have access to system files they need to work with. So I would think it would be wise to set a root password, and a good one, and then keep it in a safe place, in case you do need it. And then be very care full about which users you put in the sudo group, ...

User avatar
yeti
Posts: 68
Joined: 2009-03-30 14:22

Re: Root Disabled vs SUDO Disabled?

#4 Post by yeti »

I do far less as root when using sudo for the commands really needing superpowers only instead of constantly switching to a root shell and I think that's good.

Sure my root still has a password but using that is "plan b".
"I have a natural instinct for science" — DJ Trump.
"Vrijdag voor VT100!" — Yeti.
"There is no PLANET-B!" — ???

User avatar
debiman
Posts: 3063
Joined: 2013-03-12 07:18

Re: Root Disabled vs SUDO Disabled?

#5 Post by debiman »

GarryRicketson wrote:I did not know Debian had started installing sudo in a default install, I think it is Ubuntu that does that for you
i was wondering too.
has this changed recently?
or is op really talking about *butnut?

User avatar
yeti
Posts: 68
Joined: 2009-03-30 14:22

Re: Root Disabled vs SUDO Disabled?

#6 Post by yeti »

GarryRicketson wrote:I did not know Debian had started installing sudo in a default install, I think it is Ubuntu that does that for you
It is in expert installs.
Cant attach a screenshot of the installer in Qemu... :-( because the forum wrote:Sorry, the board attachment quota has been reached.
"I have a natural instinct for science" — DJ Trump.
"Vrijdag voor VT100!" — Yeti.
"There is no PLANET-B!" — ???

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: Root Disabled vs SUDO Disabled?

#7 Post by Head_on_a_Stick »

I remove sudo from my systems then lock the root account and add these lines to /etc/pam.d/su{,-l}:

Code: Select all

auth		required	pam_wheel.so use_uid
auth		sufficient	pam_wheel.so trust use_uid
I then create the wheel group and add my main user (only!):

Code: Select all

# groupadd wheel
# gpasswd -a $USER wheel
That allows my user to `su` to root without a password with no other method of obtaining root privileges available on that box.

APT has a complete fit when you ask it to remove sudo with the root account locked, it's really funny :lol:
deadbang

User avatar
GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: Root Disabled vs SUDO Disabled?

#8 Post by GarryRicketson »

Cant attach a screenshot of the installer in Qemu... :-(
because the forum wrote:
Sorry, the board attachment quota has been reached.
No need for the screen shot, I believe you, but for future reference:
Attachments, How to post a screen shot and use code boxes


Image


User avatar
pylkko
Posts: 1802
Joined: 2014-11-06 19:02

Re: Root Disabled vs SUDO Disabled?

#10 Post by pylkko »

Also it could be added to all those points there that it is possible to give sudo for a set temporary time period then have it expire (or even expire the entire account), but it is harder to give full root access to some one and then take that back somehow. Furthermore, with sudo actions will be logged under the name of the user, whereas if you pass out root then all will be marked as root and it will be harder to say later on who did what and when. But when you are the only user of the machine it does not matter and I feel that using sudo gives little to no benefit.

milomak
Posts: 2158
Joined: 2009-06-09 22:20
Been thanked: 1 time

Re: Root Disabled vs SUDO Disabled?

#11 Post by milomak »

i always go the way of root password

i'm pretty sure it was the recommend way and i would be a bit surprised it it still wasn't

edit - i do enable sudo though after install. but i sett it to always ask for root password rather than user password
Desktop: A320M-A PRO MAX, AMD Ryzen 5 3600, GALAX GeForce RTX™ 2060 Super EX (1-Click OC) - Sid, Win10, Arch Linux, Gentoo, Solus
Laptop: hp 250 G8 i3 11th Gen - Sid
Kodi: AMD Athlon 5150 APU w/Radeon HD 8400 - Sid

Post Reply