Dai_trying wrote:I can't directly answer your question but I just wanted to point out that sudo is the default if you do not enter a root password when installing.
Soul Singin' wrote:Using sudo to run a command as root is equivalent to logging into the root account and running that same command. Therefore, using sudo is certainly not safer than logging into the root account. In fact, one could argue that using sudo is less secure because people have a tendency to use easier passwords for their user account than they do for the root account.
So why does Ubuntu use sudo? My guess is that they are trying to make GNU/Linux easy for the new user, so they figure that it is easier to provide one username and password than it is to explain the separation of the user account from the root account.
In any case, their reasoning is so bad that I felt compelled to start a whole thread about it. See: sudo rm -rf Ubuntu.
That having been said, there are some legitimate uses for sudo. For example, you may want to give normal users the ability to shutdown or hibernate the computer. In such cases, you could add:
- Code: Select all
%guest ALL = NOPASSWD: /usr/sbin/hibernate
%guest ALL = NOPASSWD: /sbin/shutdown
to your /etc/sudoers file. (Note: On my system, all users are in the guest group).
Alternatively, you may want to give user chris the power to run a command as user rich. For example, adding:
- Code: Select all
chris ALL = (rich) NOPASSWD: /usr/bin/whoami
to the /etc/sudoers file would enable chris to run:
- Code: Select all
sudo -u rich whoami
Because chris would be using sudo to run whoami as rich, the output of the command would be: "rich."
So go ahead and use sudo. Just be sure to limit the set of commands that the normal user may execute as root. For example, you should NOT allow a normal user to run an editor like Vi or Emacs as root.man sudoers wrote:PREVENTING SHELL ESCAPES
Once sudo executes a program, that program is free to do whatever it pleases, including run other programs. This can be a security issue since it is not uncommon for a program to allow shell escapes, which lets a user bypass sudo's access control and logging. Common programs that permit shell escapes include shells (obviously), editors, paginators, mail and terminal programs.
Hope this helps,
- Soul Singin'
zoli62 wrote:Why is it not preferable to use sudo by default in Debian?
zoli62 wrote:Dai_trying wrote:I can't directly answer your question but I just wanted to point out that sudo is the default if you do not enter a root password when installing.
I think you have to enter the root password during the installation, because it can't continue.
Tired as hades and mentally worn out. Though again ... if all someone can muster when discussing or asking about a fairly complex technical subject is one liners. They/ye forceth my hand PlOnk ... PLonk, PLONkkkkkkkkkk, PlOnK !!!!
cuckooflew wrote:zoli62 wrote:Why is it not preferable to use sudo by default in Debian?
Because some users, like me , do not want to use "sudo" , those that do want to use it can install it and set it up if they so desire.zoli62 wrote:Dai_trying wrote:I can't directly answer your question but I just wanted to point out that sudo is the default if you do not enter a root password when installing.
I think you have to enter the root password during the installation, because it can't continue.
Your thinking is wrong, maybe you should do some research, read some of the Debian documenation, but as Dai_trying said, if you don't set a root password, you will get sudo , no matter if you want it or not.
Deb-fan wrote:Been biting my digi-tongue for this persons posts.
Gotta say, do your own homework and research dude !!! it's actually somewhat involved and I don't feel like typing a bk out so you don't have to find/read the already massive amounts of info on the topic yourself. After the kdesu thread, which again, not even touching it. You're obviously talking about using sudo to launch graphical apps-etc with privileges. Done right with the right flags/switches and some other associated junk, no problemo but again, am not attempting summarizing junk like this so you don't have to research and learn for yourself.
Soul Singin' wrote:Are you trying to start a flame war? This board used to have heated discussions on this topic.Soul Singin' wrote:Using sudo to run a command as root is equivalent to logging into the root account and running that same command. Therefore, using sudo is certainly not safer than logging into the root account. In fact, one could argue that using sudo is less secure because people have a tendency to use easier passwords for their user account than they do for the root account.
So why does Ubuntu use sudo? My guess is that they are trying to make GNU/Linux easy for the new user, so they figure that it is easier to provide one username and password than it is to explain the separation of the user account from the root account.
In any case, their reasoning is so bad that I felt compelled to start a whole thread about it. See: sudo rm -rf Ubuntu.
That having been said, there are some legitimate uses for sudo. For example, you may want to give normal users the ability to shutdown or hibernate the computer. In such cases, you could add:
- Code: Select all
%guest ALL = NOPASSWD: /usr/sbin/hibernate
%guest ALL = NOPASSWD: /sbin/shutdown
to your /etc/sudoers file. (Note: On my system, all users are in the guest group).
Alternatively, you may want to give user chris the power to run a command as user rich. For example, adding:
- Code: Select all
chris ALL = (rich) NOPASSWD: /usr/bin/whoami
to the /etc/sudoers file would enable chris to run:
- Code: Select all
sudo -u rich whoami
Because chris would be using sudo to run whoami as rich, the output of the command would be: "rich."
So go ahead and use sudo. Just be sure to limit the set of commands that the normal user may execute as root. For example, you should NOT allow a normal user to run an editor like Vi or Emacs as root.man sudoers wrote:PREVENTING SHELL ESCAPES
Once sudo executes a program, that program is free to do whatever it pleases, including run other programs. This can be a security issue since it is not uncommon for a program to allow shell escapes, which lets a user bypass sudo's access control and logging. Common programs that permit shell escapes include shells (obviously), editors, paginators, mail and terminal programs.
Hope this helps,
- Soul Singin'
zoli62 wrote:Why is it not preferable to use sudo by default in Debian?
d-i passwd/root-login boolean false
http://forums.debian.net/posting.php?mode=reply&f=20&t=144202#pr710672 ; by zoli62 » 2019-11-10 09:54 > Does this mean that if you set the root password during the installation, the first user created during the installation will not be part of the sudo group?
------ if you give root an empty password during installation, sudo will be installed and the first user will be able to use it to gain root access (currently, the user will be added to the sudo group). The system will also configure gksu and aptitude to use sudo. You should still verify group membership after logging in as the installed user.
zoli62>> Assigning a user to this group on a terminal in Debian 10 is not that easy, as the beginner / average user may encounter some error messages during the operation.
Users browsing this forum: No registered users and 10 guests