Sudo or not sudo?

Here you can discuss every aspect of Debian. Note: not for support requests!

Sudo or not sudo?

Postby zoli62 » 2019-11-09 16:52

Why is it not preferable to use sudo by default in Debian?
zoli62
 
Posts: 17
Joined: 2019-11-09 04:09

Re: Sudo or not sudo?

Postby Dai_trying » 2019-11-09 17:49

I can't directly answer your question but I just wanted to point out that sudo is the default if you do not enter a root password when installing.
Dai_trying
 
Posts: 829
Joined: 2016-01-07 12:25

Re: Sudo or not sudo?

Postby Bulkley » 2019-11-09 18:32

Personally, I don't like sudo. To me, it's a cheat.
Bulkley
 
Posts: 5848
Joined: 2006-02-11 18:35

Re: Sudo or not sudo?

Postby zoli62 » 2019-11-09 18:40

Dai_trying wrote:I can't directly answer your question but I just wanted to point out that sudo is the default if you do not enter a root password when installing.


I think you have to enter the root password during the installation, because it can't continue.
zoli62
 
Posts: 17
Joined: 2019-11-09 04:09

Re: Sudo or not sudo?

Postby Soul Singin' » 2019-11-09 18:45

Are you trying to start a flame war? This board used to have heated discussions on this topic.

Soul Singin' wrote:Using sudo to run a command as root is equivalent to logging into the root account and running that same command. Therefore, using sudo is certainly not safer than logging into the root account. In fact, one could argue that using sudo is less secure because people have a tendency to use easier passwords for their user account than they do for the root account.

So why does Ubuntu use sudo? My guess is that they are trying to make GNU/Linux easy for the new user, so they figure that it is easier to provide one username and password than it is to explain the separation of the user account from the root account.

In any case, their reasoning is so bad that I felt compelled to start a whole thread about it. See: sudo rm -rf Ubuntu.

That having been said, there are some legitimate uses for sudo. For example, you may want to give normal users the ability to shutdown or hibernate the computer. In such cases, you could add:

Code: Select all
%guest  ALL = NOPASSWD: /usr/sbin/hibernate
%guest  ALL = NOPASSWD: /sbin/shutdown

to your /etc/sudoers file. (Note: On my system, all users are in the guest group).

Alternatively, you may want to give user chris the power to run a command as user rich. For example, adding:

Code: Select all
chris    ALL = (rich) NOPASSWD: /usr/bin/whoami

to the /etc/sudoers file would enable chris to run:

Code: Select all
sudo -u rich whoami

Because chris would be using sudo to run whoami as rich, the output of the command would be: "rich."


So go ahead and use sudo. Just be sure to limit the set of commands that the normal user may execute as root. For example, you should NOT allow a normal user to run an editor like Vi or Emacs as root.

man sudoers wrote:PREVENTING SHELL ESCAPES

Once sudo executes a program, that program is free to do whatever it pleases, including run other programs. This can be a security issue since it is not uncommon for a program to allow shell escapes, which lets a user bypass sudo's access control and logging. Common programs that permit shell escapes include shells (obviously), editors, paginators, mail and terminal programs.


Hope this helps,
- Soul Singin'
User avatar
Soul Singin'
 
Posts: 1582
Joined: 2008-12-21 07:02

Re: Sudo or not sudo?

Postby Deb-fan » 2019-11-09 19:08

Been biting my digi-tongue for this persons posts. :P

Gotta say, do your own homework and research dude !!! it's actually somewhat involved and I don't feel like typing a bk out so you don't have to find/read the already massive amounts of info on the topic yourself. After the kdesu thread, which again, not even touching it. You're obviously talking about using sudo to launch graphical apps-etc with privileges. Done right with the right flags/switches and some other associated junk, no problemo but again, am not attempting summarizing junk like this so you don't have to research and learn for yourself. :D
Deb-fan
 
Posts: 445
Joined: 2012-08-14 12:27

Re: Sudo or not sudo?

Postby cuckooflew » 2019-11-09 19:21

zoli62 wrote:Why is it not preferable to use sudo by default in Debian?

Because some users, like me , do not want to use "sudo" , those that do want to use it can install it and set it up if they so desire.
zoli62 wrote:
Dai_trying wrote:I can't directly answer your question but I just wanted to point out that sudo is the default if you do not enter a root password when installing.


I think you have to enter the root password during the installation, because it can't continue.

Your thinking is wrong, maybe you should do some research, read some of the Debian documenation, but as Dai_trying said, if you don't set a root password, you will get sudo , no matter if you want it or not.
My grand father knows all about everything:
…one flew east, one flew west,
One flew over the cuckoo’s nest.
cuckooflew
 
Posts: 74
Joined: 2018-05-10 19:34
Location: Some where out west

Re: Sudo or not sudo?

Postby Deb-fan » 2019-11-09 19:49

Jebuz if you are talking about something else. Sheesh, folks have mentioned either option is readily available. For a long time have taken to setting up a root acct, as well as having a sudo user. Esp when someone hasn't learned what they're doing, they can bork-up sudo or visudo/sudoers and find themselves at that point unable to do things on the OS which require privileges. If someone has a root acct they can log into, it just makes it a bit easier to unbork w/o resorting to chroot or whatever. Lol .. OP you really seem to be the king of one liners, shrugs and PLONK ! :D

Tired as hades and mentally worn out. Though again ... if all someone can muster when discussing or asking about a fairly complex technical subject is one liners. They/ye forceth my hand PlOnk ... PLonk, PLONkkkkkkkkkk, PlOnK !!!!
Deb-fan
 
Posts: 445
Joined: 2012-08-14 12:27

Re: Sudo or not sudo?

Postby zoli62 » 2019-11-10 09:54

cuckooflew wrote:
zoli62 wrote:Why is it not preferable to use sudo by default in Debian?

Because some users, like me , do not want to use "sudo" , those that do want to use it can install it and set it up if they so desire.
zoli62 wrote:
Dai_trying wrote:I can't directly answer your question but I just wanted to point out that sudo is the default if you do not enter a root password when installing.


I think you have to enter the root password during the installation, because it can't continue.

Your thinking is wrong, maybe you should do some research, read some of the Debian documenation, but as Dai_trying said, if you don't set a root password, you will get sudo , no matter if you want it or not.


All right, maybe it is. Does this mean that if you set the root password during the installation, the first user created during the installation will not be part of the sudo group? You will need to add him later to this group, which requires some caution under Debian 10, as you may not be successful at first.https://linuxconfig.org/command-not-fou ... -gnu-linux https://devconnected.com/how-to-add-a-u ... 10-buster/ At least that's what I experienced.
zoli62
 
Posts: 17
Joined: 2019-11-09 04:09

Re: Sudo or not sudo?

Postby zoli62 » 2019-11-10 10:07

Deb-fan wrote:Been biting my digi-tongue for this persons posts. :P

Gotta say, do your own homework and research dude !!! it's actually somewhat involved and I don't feel like typing a bk out so you don't have to find/read the already massive amounts of info on the topic yourself. After the kdesu thread, which again, not even touching it. You're obviously talking about using sudo to launch graphical apps-etc with privileges. Done right with the right flags/switches and some other associated junk, no problemo but again, am not attempting summarizing junk like this so you don't have to research and learn for yourself. :D



This topic is not about how to run graphical applications with root privilege. Rather, although Debian is becoming more beginner friendly, after a basic installation is done normally, the user wonders why he himself cannot do a system upgrade, for example. Well, because you are not a member of the sudo group by default, like this is common in other distros. Assigning a user to this group on a terminal in Debian 10 is not that easy, as the beginner / average user may encounter some error messages during the operation.
zoli62
 
Posts: 17
Joined: 2019-11-09 04:09

Re: Sudo or not sudo?

Postby zoli62 » 2019-11-10 10:16

Soul Singin' wrote:Are you trying to start a flame war? This board used to have heated discussions on this topic.

Soul Singin' wrote:Using sudo to run a command as root is equivalent to logging into the root account and running that same command. Therefore, using sudo is certainly not safer than logging into the root account. In fact, one could argue that using sudo is less secure because people have a tendency to use easier passwords for their user account than they do for the root account.

So why does Ubuntu use sudo? My guess is that they are trying to make GNU/Linux easy for the new user, so they figure that it is easier to provide one username and password than it is to explain the separation of the user account from the root account.

In any case, their reasoning is so bad that I felt compelled to start a whole thread about it. See: sudo rm -rf Ubuntu.

That having been said, there are some legitimate uses for sudo. For example, you may want to give normal users the ability to shutdown or hibernate the computer. In such cases, you could add:

Code: Select all
%guest  ALL = NOPASSWD: /usr/sbin/hibernate
%guest  ALL = NOPASSWD: /sbin/shutdown

to your /etc/sudoers file. (Note: On my system, all users are in the guest group).

Alternatively, you may want to give user chris the power to run a command as user rich. For example, adding:

Code: Select all
chris    ALL = (rich) NOPASSWD: /usr/bin/whoami

to the /etc/sudoers file would enable chris to run:

Code: Select all
sudo -u rich whoami

Because chris would be using sudo to run whoami as rich, the output of the command would be: "rich."


So go ahead and use sudo. Just be sure to limit the set of commands that the normal user may execute as root. For example, you should NOT allow a normal user to run an editor like Vi or Emacs as root.

man sudoers wrote:PREVENTING SHELL ESCAPES

Once sudo executes a program, that program is free to do whatever it pleases, including run other programs. This can be a security issue since it is not uncommon for a program to allow shell escapes, which lets a user bypass sudo's access control and logging. Common programs that permit shell escapes include shells (obviously), editors, paginators, mail and terminal programs.


Hope this helps,
- Soul Singin'


I do not want to launch flame war I just want to understand that while Debian is also moving towards becoming more beginner friendly, why not prefer sudo, as is usual in other distros. The issue is philosophical and theoretical rather than professional.
zoli62
 
Posts: 17
Joined: 2019-11-09 04:09

Re: Sudo or not sudo?

Postby Head_on_a_Stick » 2019-11-10 10:20

zoli62 wrote:Why is it not preferable to use sudo by default in Debian?

Debian uses sudo by default unless a root password is provided.

If it bothers you that much use this line in a preseed file:
Code: Select all
d-i passwd/root-login boolean false

^ That will stop the installer asking for a root password.
Don't break DebianHow to report bugs

SharpBang GNU/Linux — a pre-configured Openbox/Tint2 desktop running on Debian stable
User avatar
Head_on_a_Stick
 
Posts: 10675
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Sudo or not sudo?

Postby kedaha » 2019-11-10 10:30

It's a matter of choice; however, a lot of new Debian users coming from Ubuntu to this place don't take long to discard sudo for su -, probably because sudo is not used in most topics so they end up doing the same.
Something I've noticed is sudo often gets thrown into commands unnecessarily as in, for example
$ sudo lspci
or when simulating a command like:
$ apt install -s vrms
I can't be bothered with sudo though I occasionally use it when some tutorial includes it but I put that down to laziness.
Nothing new under the sun, as the saying goes. This is like revisiting an old forum topic from ten years ago: Do you sudo?
But hey...what goes around comes around. :wink:
Last edited by kedaha on 2019-11-10 12:08, edited 1 time in total.
Mate DE & OSSv4.
FreedomBox in Debian
ispmail
Debian Stable

Words, as is well known, are the great foes of reality. Joseph Conrad.
Kedaha's Conjecture
User avatar
kedaha
 
Posts: 3033
Joined: 2008-05-24 12:26

Re: Sudo or not sudo?

Postby wizard10000 » 2019-11-10 11:29

IME in the enterprise sudo is the method of choice; in the last three engagements I've worked you're simply Not Going To Get The Root Password.

Said it before, but when I worked for Department of Defense root passwords were stored in a safe, changed after each use and if you couldn't explain to IT Security a) why you needed to do it, and b) why you couldn't do it with sudo you weren't getting the password.

But - on their own machine I think people should use whatever they like :mrgreen:
we see things not as they are, but as we are.
-- anais nin
User avatar
wizard10000
 
Posts: 104
Joined: 2019-04-16 23:15
Location: southeastern us

Re: Sudo or not sudo?

Postby cuckooflew » 2019-11-10 13:51

http://forums.debian.net/posting.php?mode=reply&f=20&t=144202#pr710672 ; by zoli62 » 2019-11-10 09:54 > Does this mean that if you set the root password during the installation, the first user created during the installation will not be part of the sudo group?

To be honest , since I do not usually use sudo, nor install it, I might be wrong. But yes, if I remember correctly, when I did some experimenting with that, I had set the root password as I normally do. Then later I installed sudo, and did need to also make the first user (or what ever users I wanted), after sudo is installed, the users that the admin wants to give sudo privileges must be added to the sudoers group.
You should use "visudo" to do this , there are more details about the procedure available if one looks for them. You really should just read some documentation: (a good starting point: https://wiki.debian.org/sudo)
------ if you give root an empty password during installation, sudo will be installed and the first user will be able to use it to gain root access (currently, the user will be added to the sudo group). The system will also configure gksu and aptitude to use sudo. You should still verify group membership after logging in as the installed user.

===========
zoli62>> Assigning a user to this group on a terminal in Debian 10 is not that easy, as the beginner / average user may encounter some error messages during the operation.

It is simple and easy, but if it seems to complicated to you , perhaps you should use the MX :https://mxlinux.org/ distribution. Or any of the numerous others that install and set up sudo for you. As for encountering error messages, that is no big deal , fortunately there are error messages, and they usually help point you in the right direction. (Except when Gnome is involved, they just tell you "oh NO something went wrong")
My grand father knows all about everything:
…one flew east, one flew west,
One flew over the cuckoo’s nest.
cuckooflew
 
Posts: 74
Joined: 2018-05-10 19:34
Location: Some where out west

Next

Return to General Discussion

Who is online

Users browsing this forum: No registered users and 8 guests

fashionable