Page 1 of 2

Suggestion: Sudo in standart installation

PostPosted: 2008-11-09 11:04
by DingoBoy
Pretty simple:
Is there any specific installation that a default-configured sudo option is only avaliable in the expert install? I believe it would be a good option to include directly in the normal install, because, I hope we agree, sudo is much safer.

Is there any specific reason this has been left out? If it is a very tricky thing to do, I apologise for my ignorance.

Just curious.

Comradely, DingoBoy.

Re: Suggestion: Sudo in standart installation

PostPosted: 2008-11-09 11:59
by Telemachus
DingoBoy wrote:Pretty simple:
Is there any specific installation that a default-configured sudo option is only avaliable in the expert install? I believe it would be a good option to include directly in the normal install, because, I hope we agree, sudo is much safer.

Ah, but there's the rub. We don't agree: sudo is not much safer.

It's easy to install, if you want it. Just use your favorite package manager and install sudo. Then use the helper program visudo to set it up.

PostPosted: 2008-11-09 15:44
by saulgoode
The "default configuration" of SUDO is to behave as though SUDO was not installed (i.e., no privileges granted except to root). I don't see any real problem were SUDO to be automatically installed using this configuration, but I also don't see much point.

PostPosted: 2008-11-09 15:54
by BioTube
I don't see how sudo is much safer if abused to be an alternative to su. It is meant to allow people who need to do certain things root privileges FOR THOSE THINGS ONLY(hence why the root password isn't asked for). For example, I have a script that takes down a network interface and brings it back up; I use sudo(and a wrapper script) to allow the other users of this machine to use it without problem(note that sudo's configured to only let them run the script, not ifupdown). Using sudo to replace su is just asking to get your system shot to hell since malware just has to put itself in a loop, periodically trying sudo until you do something requiring admin rights and therefore allowing the malware the ability to cripple your system without so much as your password. You can configure sudo to always require a password, but then it's little different than su -c 'command'.

PostPosted: 2008-11-09 17:42
by didi
I think it would be a very bad idea.

Sudo is meant to be used in a specific way, like BioTube described, to grant normal users privileges to a command which normally requires root access.
It is not meant as a replacement for the root account, even though Ubuntu makes you think otherwise. The Ubuntu way is WRONG as it makes it's users forget the importance of security, since most of it's users grant all root privileges to all users.
Linux is so secure because when you are going to make system-wide changes you need root access, which is a good reminder that you're going to do sth significant to your system and you should be careful what you're doing.
Ubuntu's use of sudo pretty much negates that, by not 'bothering' you with such issues as security :roll:

Sudo is a very powerfull and useful tool and they even recommend it's use in Linux Administration Handbook (2nd edition), but only in the way it was meant to be used:
sudo description wrote:Provide limited super user privileges to specific users
Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is
to give as few privileges as possible but still allow people to get their work done.

Ppl who realize that will know that all they have to do is
Code: Select all
aptitude install sudo
to get what they want.
Including it in the default install encourages the wrong way to use sudo, so that's why I think it's a bad idea.

Re: Suggestion: Sudo in standart installation

PostPosted: 2008-11-09 18:47
by infinitycircuit
DingoBoy wrote:Pretty simple:
Is there any specific installation that a default-configured sudo option is only avaliable in the expert install? I believe it would be a good option to include directly in the normal install, because, I hope we agree, sudo is much safer.

Is there any specific reason this has been left out? If it is a very tricky thing to do, I apologise for my ignorance.

Just curious.

Comradely, DingoBoy.


A default-configured sudo in the expert install comes at the expense of not configuring the root account. This is unacceptable.

PostPosted: 2008-11-09 19:05
by BioTube
I've always found sudo to be installed by default, just configured for root alone. The fact that debian-installer will disable the root account should be corrected forthwith.

PostPosted: 2008-11-09 19:18
by infinitycircuit
Sudo is neither priority required not important. It is brought in by the Desktop task as a dependency of gksu.

PostPosted: 2008-11-09 20:49
by BioTube
Ahhh... I get it now - I install gparted as a matter of course(wasn't there a qtparted? I remember running into some monstrosity by that name) and it pulls in sudo.

PostPosted: 2008-11-09 21:47
by Jackiebrown
I use it the way BioTube does - for very specific apps.

The difference is, no one else uses my machine so its mainly one or two apps that I use multiple times a day or for a script.

I think the only one set right now is make (which is probably one of the more dangerous ones to set, but since I compile KDE daily, I was willing to sacrifice risk it versus going into my bash history and deleting it every time I type the password to quick after typing su.

PostPosted: 2008-11-10 00:05
by infinitycircuit
I only use sudo for cowbuilder so that git-buildpackage can be run without babysitting. The difference between typing su root -c and sudo is infinitesimal anyway.

PostPosted: 2008-11-10 09:16
by didi
http://www.debian.org/devel/debian-desktop/ wrote:We will try to ensure that software is configured for the most common desktop use. For instance, the regular user account added by default during installation should have permission to play audio and video, print, and manage the system through sudo.

Looks kind of official and kind of scary ...

PostPosted: 2008-11-11 00:30
by Jackiebrown
That page was for when sarge was the testing branch.

PostPosted: 2008-11-11 03:18
by mzilikazi
Personally I won't use sudo at all. I just don't see any point not to mention the complete and total lack of securty it creates. I've never booted Ubuntu. What happens if you do this?
Code: Select all
sudo rm -rf /some/dir

(Don't try this at home boys & girls)
Would it nuke your entire dir?

PostPosted: 2008-11-11 03:32
by BioTube
If you're stupid enough to abuse it Ubuntu-style. An intelligent admin would never give a user 'sudo' rights to rm.