Suggestion: Sudo in standard installation

News and discussion about development of the Debian OS itself

Postby Telemachus » 2008-11-11 12:58

mzilikazi wrote: Personally I won't use sudo at all. I just don't see any point not to mention the complete and total lack of security it creates. I've never booted Ubuntu. What happens if you do this?
sudo rm -rf /some/dir

(Don't try this at home boys & girls)
Would it nuke your entire dir?

I'm not sure I follow your argument. Assume you are using Ubuntu: after you type that command, you still have to enter a password. Ubuntu is not set to allow password-free superuser privileges to regular users. One gotcha, however, is that I believe the default in Ubuntu is a 15 minute no-password period, after you enter your pass. That is, every subsequent sudo command for the next 15 minutes does not require a password. That's a very poor default, I think.

That said, in Debian what's to stop me from entering this?
su -c 'rm -rf /some/dir'

The only difference is that after I type that, I need to enter a root password rather than my regular user password. I agree that this is somewhat more secure, but it isn't night and day.
"We have not been faced with the need to satisfy someone else's requirements, and for this freedom we are grateful."
Dennis Ritchie and Ken Thompson, The UNIX Time-Sharing System
Telemachus
 
Posts: 4677
Joined: 2006-12-25 15:53

Postby mzilikazi » 2008-11-12 02:12

Telemachus wrote: That said, in Debian what's to stop me from entering this?
su -c 'rm -rf /some/dir'

The only difference is that after I type that, I need to enter a root password rather than my regular user password. I agree that this is somewhat more secure, but it isn't night and day.

The difference is that you have a user & root and only root can do those sorts of things. Keep in mind that not every system has only one user.

That 15 minutes of no sudo password....yeah that wouldn't be secure at all (if that is in fact how it works).

Personally, I always thought it much faster to just get root and do what it is you have to do rather than typing sudo each time.
Debian Sid Laptops:
AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55 / 1.5G
Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz / 3G
mzilikazi
Forum Ninja
 
Posts: 3321
Joined: 2004-09-16 02:14
Location: Colorado Springs, CO

Postby Telemachus » 2008-11-12 12:57

mzilikazi wrote: That 15 minutes of no sudo password....yeah that wouldn't be secure at all (if that is in fact how it works).

Not secure and not smart. It's a default setting on at least two distros that I know of (Ubuntu, Mac OS X), but it's easily changed. On the other hand, many of the people using those distros don't know how to change it.
Telemachus
 
Posts: 4677
Joined: 2006-12-25 15:53

Postby bugsbunny » 2008-11-12 19:20

Telemachus wrote:
mzilikazi wrote: That 15 minutes of no sudo password....yeah that wouldn't be secure at all (if that is in fact how it works).

Not secure and not smart. It's a default setting on at least two distros that I know of (Ubuntu, Mac OS X), but it's easily changed. On the other hand, many of the people using those distros don't know how to change it.


Debian's default is also 15 minutes.
bugsbunny
 
Posts: 5355
Joined: 2008-07-06 17:04

Postby Telemachus » 2008-11-12 19:38

bugsbunny wrote:
Telemachus wrote:
mzilikazi wrote: That 15 minutes of no sudo password....yeah that wouldn't be secure at all (if that is in fact how it works).

Not secure and not smart. It's a default setting on at least two distros that I know of (Ubuntu, Mac OS X), but it's easily changed. On the other hand, many of the people using those distros don't know how to change it.


Debian's default is also 15 minutes.

Maybe 15 minutes is the default sudo default. That is, if sudo is installed, a 15 minute time per entry of password is the default.
Telemachus
 
Posts: 4677
Joined: 2006-12-25 15:53

Postby bugsbunny » 2008-11-12 19:50

Telemachus wrote:
bugsbunny wrote:
Telemachus wrote:
mzilikazi wrote: That 15 minutes of no sudo password....yeah that wouldn't be secure at all (if that is in fact how it works).

Not secure and not smart. It's a default setting on at least two distros that I know of (Ubuntu, Mac OS X), but it's easily changed. On the other hand, many of the people using those distros don't know how to change it.


Debian's default is also 15 minutes.

Maybe 15 minutes is the default sudo default. That is, if sudo is installed, a 15 minute time per entry of password is the default.


That is correct :)
bugsbunny
 
Posts: 5355
Joined: 2008-07-06 17:04
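
An added example, not part of any post in this thread: a shell check that reads sudoers-format text and reports the effective `timestamp_timeout`, the setting behind the password-free window discussed above. The function names and sample sudoers text are constructed for illustration, and the compiled-in default of 15 minutes is the thread's figure, passed in as a parameter.

```shell
#!/bin/sh
# sudo_timeout: read sudoers-format text on stdin and print the effective
# global timestamp_timeout in minutes. $1 is the compiled-in default
# (15 is the thread's figure; an assumption about your sudo build).
sudo_timeout() {
    awk -v t="${1:-15}" '
        /^[ \t]*#/ { next }                      # comments and #include lines
        /^[ \t]*Defaults[ \t]/ {                 # global Defaults only, not Defaults:user
            line = $0
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            n = split(line, opts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^timestamp_timeout[ \t]*=/) {
                    v = opts[i]
                    sub(/^[^=]*=[ \t]*/, "", v)
                    gsub(/[ \t"]/, "", v)
                    t = v                        # a later Defaults line overrides an earlier one
                }
        }
        END { print t }'
}

# classify_timeout: 0 prompts on every sudo call, a negative value never
# expires the cached credential, anything else is a password-free window.
classify_timeout() {
    awk -v v="$1" 'BEGIN {
        if (v + 0 < 0)       print "never-expires"
        else if (v + 0 == 0) print "always-prompt"
        else                 print "cached"
    }'
}

# audit: "<minutes> <verdict>" for a block of sudoers text.
audit() {
    t=$(printf '%s\n' "$1" | sudo_timeout 15)
    echo "$t $(classify_timeout "$t")"
}

# Constructed sample inputs (not taken from any real system).
SAMPLE_DEFAULT='Defaults env_reset
%sudo ALL=(ALL:ALL) ALL'
SAMPLE_HARDENED='Defaults env_reset, timestamp_timeout=0
%sudo ALL=(ALL:ALL) ALL'
SAMPLE_NEVER='Defaults timestamp_timeout=15
Defaults timestamp_timeout=-1'

audit "$SAMPLE_DEFAULT"     # no override: the compiled-in window applies
audit "$SAMPLE_HARDENED"    # password required on every invocation
audit "$SAMPLE_NEVER"       # cached credential never times out
```

On a live system the setting is changed with `visudo`, and `sudo -k` invalidates the cached credential immediately without waiting for the window to expire.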
