Root Disabled vs SUDO Disabled?

Help with issues regarding installation of Debian

Root Disabled vs SUDO Disabled?

Postby Amandaville » 2018-03-17 01:04

The Debian installer gives the choice to create a root password or not. If not, the root account is disabled and sudo is enabled for the primary user account. Which choice is preferred? Is it more secure to keep the root account disabled?
Amandaville
 
Posts: 1
Joined: 2018-03-02 01:30

Re: Root Disabled vs SUDO Disabled?

Postby Bulkley » 2018-03-17 01:17

I would always have a root password.
Bulkley
 
Posts: 5510
Joined: 2006-02-11 18:35

Re: Root Disabled vs SUDO Disabled?

Postby GarryRicketson » 2018-03-17 02:00

I all ways set a root password. I never use "sudo", I did not know Debian had started installing sudo in a default install, I think it is Ubuntu that does that for you, but I might be wrong, never have really used it, but way back a long time ago when I tried xubuntu , that is where I saw they use sudo.

Amandaville » Is it more secure to keep the root account disabled?

I suppose , in some ways it might be, but How will you administer the system with out a root account ?
If using sudo gives you all of same permissions root has, then it is not any more secure, any user in the sudo group could do the same amount of damage, or administration.
From what I have seen on this forum, these "super user do" folks , have a lot of problems, when they do not set a root password, and then they find they do not have access to system files they need to work with. So I would think it would be wise to set a root password, and a good one, and then keep it in a safe place, in case you do need it. And then be very care full about which users you put in the sudo group, ...
User avatar
GarryRicketson
 
Posts: 4790
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: Root Disabled vs SUDO Disabled?

Postby yeti » 2018-03-17 02:40

I do far less as root when using sudo for the commands really needing superpowers only instead of constantly switching to a root shell and I think that's good.

Sure my root still has a password but using that is "plan b".
"They may have computers, and other weapons of mass destruction." — Janet Reno
"Logic, my dear Zoe, merely enables one to be wrong with authority." — The 2nd Doctor
"Don't we all wait for SOMETHING-ELSE-1.0?" — yeti
User avatar
yeti
 
Posts: 46
Joined: 2009-03-30 14:22
Location: Wrong Planet.

Re: Root Disabled vs SUDO Disabled?

Postby debiman » 2018-03-17 08:56

GarryRicketson wrote:I did not know Debian had started installing sudo in a default install, I think it is Ubuntu that does that for you

i was wondering too.
has this changed recently?
or is op really talking about *butnut?
User avatar
debiman
 
Posts: 2127
Joined: 2013-03-12 07:18

Re: Root Disabled vs SUDO Disabled?

Postby yeti » 2018-03-17 09:34

GarryRicketson wrote:I did not know Debian had started installing sudo in a default install, I think it is Ubuntu that does that for you

It is in expert installs.

Cant attach a screenshot of the installer in Qemu... :-(
because the forum wrote:
Sorry, the board attachment quota has been reached.
"They may have computers, and other weapons of mass destruction." — Janet Reno
"Logic, my dear Zoe, merely enables one to be wrong with authority." — The 2nd Doctor
"Don't we all wait for SOMETHING-ELSE-1.0?" — yeti
User avatar
yeti
 
Posts: 46
Joined: 2009-03-30 14:22
Location: Wrong Planet.

Re: Root Disabled vs SUDO Disabled?

Postby wizard10000 » 2018-03-17 09:52

Debian defaults to sudo. If you do nothing but hit 'next' when prompted for a root password Debian installs sudo and the user created during install gets added to sudoers.
we see things not as they are, but as we are.
-- anais nin
User avatar
wizard10000
 
Posts: 1268
Joined: 2011-05-09 20:02
Location: everywhere i go, there i am!

Re: Root Disabled vs SUDO Disabled?

Postby Head_on_a_Stick » 2018-03-17 10:03

I remove sudo from my systems then lock the root account and add these lines to /etc/pam.d/su{,-l}:
Code: Select all
auth      required   pam_wheel.so use_uid
auth      sufficient   pam_wheel.so trust use_uid

I then create the wheel group and add my main user (only!):
Code: Select all
# groupadd wheel
# gpasswd -a $USER wheel

That allows my user to `su` to root without a password with no other method of obtaining root privileges available on that box.

APT has a complete fit when you ask it to remove sudo with the root account locked, it's really funny :lol:
"Only the mediocre are always at their best." — Jean Giraudoux
User avatar
Head_on_a_Stick
 
Posts: 7412
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Root Disabled vs SUDO Disabled?

Postby GarryRicketson » 2018-03-17 16:22

Cant attach a screenshot of the installer in Qemu... :-(
because the forum wrote:
Sorry, the board attachment quota has been reached.

No need for the screen shot, I believe you, but for future reference:
Attachments, How to post a screen shot and use code boxes


Image
User avatar
GarryRicketson
 
Posts: 4790
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: Root Disabled vs SUDO Disabled?

Postby emariz » 2018-03-19 18:30

emariz
 
Posts: 2897
Joined: 2008-10-17 07:59

Re: Root Disabled vs SUDO Disabled?

Postby pylkko » 2018-03-22 11:26

Also it could be added to all those points there that it is possible to give sudo for a set temporary time period then have it expire (or even expire the entire account), but it is harder to give full root access to some one and then take that back somehow. Furthermore, with sudo actions will be logged under the name of the user, whereas if you pass out root then all will be marked as root and it will be harder to say later on who did what and when. But when you are the only user of the machine it does not matter and I feel that using sudo gives little to no benefit.
User avatar
pylkko
 
Posts: 1283
Joined: 2014-11-06 19:02

Re: Root Disabled vs SUDO Disabled?

Postby milomak » 2018-03-23 20:31

i always go the way of root password

i'm pretty sure it was the recommend way and i would be a bit surprised it it still wasn't

edit - i do enable sudo though after install. but i sett it to always ask for root password rather than user password
iMac - MacOS and Windows 10 (Bootcamp)/ Debian Sid (External SSD)
Laptop (64-bit) - Debian Sid, Win10,
Kodi Box - Debian Sid
milomak
 
Posts: 1689
Joined: 2009-06-09 22:20


Return to Installation

Who is online

Users browsing this forum: No registered users and 3 guests

fashionable