Suggestion: Sudo in standard installation

#16 Post by Telemachus »

mzilikazi wrote: Personally I won't use sudo at all. I just don't see any point, not to mention the complete and total lack of security it creates. I've never booted Ubuntu. What happens if you do this?

sudo rm -rf /some/dir
(Don't try this at home boys & girls)
Would it nuke your entire dir?
I'm not sure I follow your argument. Assume you are using Ubuntu: after you type that command, you still have to enter a password. Ubuntu is not set to allow password-free superuser privileges to regular users. One gotcha, however, is that I believe the default in Ubuntu is a 15 minute no-password period, after you enter your pass. That is, every subsequent sudo command for the next 15 minutes does not require a password. That's a very poor default, I think.

That said, in Debian what's to stop me from entering this?

su -c 'rm -rf /some/dir'
The only difference is that after I type that, I need to enter a root password rather than my regular user password. I agree that this is somewhat more secure, but it isn't night and day.
"We have not been faced with the need to satisfy someone else's requirements, and for this freedom we are grateful."
Dennis Ritchie and Ken Thompson, The UNIX Time-Sharing System

#17 Post by mzilikazi »

Telemachus wrote: That said, in Debian what's to stop me from entering this?

su -c 'rm -rf /some/dir'
The only difference is that after I type that, I need to enter a root password rather than my regular user password. I agree that this is somewhat more secure, but it isn't night and day.
The difference is that you have a user & root and only root can do those sorts of things. Keep in mind that not every system has only one user.

That 15 minutes of no sudo password....yeah that wouldn't be secure at all (if that is in fact how it works).

Personally, I always thought it much faster to just get root and do what it is you have to do rather than typing sudo each time.
Debian Sid Laptops:
AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55 / 1.5G
Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz / 3G

#18 Post by Telemachus »

mzilikazi wrote:That 15 minutes of no sudo password....yeah that wouldn't be secure at all (if that is in fact how it works).
Not secure and not smart. It's a default setting on at least two distros that I know of (Ubuntu, Mac OS X), but it's easily changed. On the other hand, many of the people using those distros don't know how to change it.
"We have not been faced with the need to satisfy someone else's requirements, and for this freedom we are grateful."
Dennis Ritchie and Ken Thompson, The UNIX Time-Sharing System
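
The password grace period discussed in this thread is governed by the sudoers `timestamp_timeout` option. The following is an added example, not written by any poster in the thread: a shell function (the name `audit_sudo_timeout` and the sample input are constructed here) that reads sudoers text and reports, per `Defaults` scope, whether sudo prompts every time, caches the credential for a period, or never expires it.

```shell
#!/bin/sh
# Added example: report timestamp_timeout settings found in sudoers text.
# audit_sudo_timeout is a hypothetical helper name; it reads stdin.
audit_sudo_timeout() {
    awk '
    /^[ \t]*#/ { next }                 # comment lines carry no settings
    /^[ \t]*Defaults/ {
        scope = $1                      # "Defaults" or e.g. "Defaults:alice"
        if (match($0, /timestamp_timeout[ \t]*=[ \t]*-?[0-9.]+/)) {
            val = substr($0, RSTART, RLENGTH)
            sub(/.*=[ \t]*/, "", val)   # keep only the number (minutes)
            found = 1
            if (val + 0 == 0)     verdict = "always-prompt"
            else if (val + 0 < 0) verdict = "never-expires"
            else                  verdict = "grace-period"
            printf "%s %s %s\n", scope, val, verdict
        }
    }
    END { if (!found) print "unset compiled-in-default" }
    '
}

# Constructed sample input, not taken from any real system.
SAMPLE_SUDOERS='# sample sudoers content
Defaults env_reset, timestamp_timeout=15
Defaults:alice timestamp_timeout=0
Defaults:backup timestamp_timeout=-1'

printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudo_timeout

# To require a password on every sudo call, a drop-in such as
#   Defaults timestamp_timeout=0
# can be placed under /etc/sudoers.d/ and syntax-checked with
#   visudo -c -f <file>
# Running "sudo -k" discards an already cached credential.
```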

#19 Post by bugsbunny »

Telemachus wrote:
mzilikazi wrote:That 15 minutes of no sudo password....yeah that wouldn't be secure at all (if that is in fact how it works).
Not secure and not smart. It's a default setting on at least two distros that I know of (Ubuntu, Mac OS X), but it's easily changed. On the other hand, many of the people using those distros don't know how to change it.
Debian's default is also 15 minutes.

#20 Post by Telemachus »

bugsbunny wrote:
Telemachus wrote:
mzilikazi wrote:That 15 minutes of no sudo password....yeah that wouldn't be secure at all (if that is in fact how it works).
Not secure and not smart. It's a default setting on at least two distros that I know of (Ubuntu, Mac OS X), but it's easily changed. On the other hand, many of the people using those distros don't know how to change it.
Debian's default is also 15 minutes.
Maybe 15 minutes is the default sudo default. That is, if sudo is installed, a 15 minute time per entry of password is the default.
"We have not been faced with the need to satisfy someone else's requirements, and for this freedom we are grateful."
Dennis Ritchie and Ken Thompson, The UNIX Time-Sharing System

#21 Post by bugsbunny »

Telemachus wrote:
bugsbunny wrote:
Telemachus wrote: Not secure and not smart. It's a default setting on at least two distros that I know of (Ubuntu, Mac OS X), but it's easily changed. On the other hand, many of the people using those distros don't know how to change it.
Debian's default is also 15 minutes.
Maybe 15 minutes is the default sudo default. That is, if sudo is installed, a 15 minute time per entry of password is the default.
That is correct :)