Debian User Forums

[trinidad]

IME in the enterprise sudo is the method of choice; in the last three engagements I've worked you're simply Not Going To Get The Root Password

Yes but there is another layer of security on the system, which is common on large systems, but still problematic. Large systems with multiple sudoers can certainly be a security risk. Administrators are moveing away from the practice, and/or adding a security layer, and/or technically limiting sudoer privileges per application across large networks, and/or running many non-risk administration tasks in user space instead, the security layer being vetted administrators.

TC

[zoli62]

http://forums.debian.net/posting.php?mode=reply&f=20&t=144202#pr710672 ; by zoli62 » 2019-11-10 09:54 > Does this mean that if you set the root password during the installation, the first user created during the installation will not be part of the sudo group?

To be honest , since I do not usually use sudo, nor install it, I might be wrong. But yes, if I remember correctly, when I did some experimenting with that, I had set the root password as I normally do. Then later I installed sudo, and did need to also make the first user (or what ever users I wanted), after sudo is installed, the users that the admin wants to give sudo privileges must be added to the sudoers group.
You should use "visudo" to do this , there are more details about the procedure available if one looks for them. You really should just read some documentation: (a good starting point: https://wiki.debian.org/sudo)

------ if you give root an empty password during installation, sudo will be installed and the first user will be able to use it to gain root access (currently, the user will be added to the sudo group). The system will also configure gksu and aptitude to use sudo. You should still verify group membership after logging in as the installed user.

===========

zoli62>> Assigning a user to this group on a terminal in Debian 10 is not that easy, as the beginner / average user may encounter some error messages during the operation.

It is simple and easy, but if it seems to complicated to you , perhaps you should use the MX :https://mxlinux.org/ distribution. Or any of the numerous others that install and set up sudo for you. As for encountering error messages, that is no big deal , fortunately there are error messages, and they usually help point you in the right direction. (Except when Gnome is involved, they just tell you "oh NO something went wrong")

I started using Debian when sudo didn't even exist. When sudo started, I already found the attitude of Ubuntu strange, because it reminded me of Windows, where UAC is used. I think using sudo gives the average user a false sense of security. In my opinion, we should be operating on an operating system either as an administrator or as a normal user. If we choose the former, we must be aware of all the risks involved. The problem is that in many cases, operating systems can only run useful system-level commands as an administrator. However, this is difficult for a beginner to understand, so he asks a more knowledgeable person to configure his own computer, so he won't learn to use GNU / Linux.

[wizard10000]

Yes but there is another layer of security on the system, which is common on large systems, but still problematic. Large systems with multiple sudoers can certainly be a security risk. Administrators are moveing away from the practice, and/or adding a security layer, and/or technically limiting sudoer privileges per application across large networks, and/or running many non-risk administration tasks in user space instead, the security layer being vetted administrators.

True. IMO the whole purpose of sudo isn't to act as a replacement for the root account, but to provide limited access where required.

[pendrachken]

Why is it not preferable to use sudo by default in Debian?

Because some users, like me , do not want to use "sudo" , those that do want to use it can install it and set it up if they so desire.

Just playing devils advocate here:

What makes YOUR use case more important than the person who wants to use sudo? It's easier to re-enable the root account than it is for a user to properly set up sudo. All you have to do is:

Code: Select all

$: sudo su -
#: passwd
Input a password 2X when prompted and done


[Deb-fan]

Of course + 1 Wiz10k and somewhat the other guy. As realistically on a multiuser system what semi-competent admin is going to give out sudo access to very many people anyway. Certainly not jane/joe avg user. Of course think sudo is cool though. Actually going to have to research it's history now, believe it originated with Canonical Inc/Ubuntu or thereabouts. Now there are these flatpak, snaps etc things for users who wish to install whatever (is allowed) and only affects their user acct. Like many am resistant to it, like the trusted and managed repositories setup as it is, don't so much like these new deal thingys but do see some potential. Also occurred to me I've been doing much the same thing forever in gnu/Nix, Firefox from Mozilla, not installed nor managed by the OS's packaging tools. Have also used stand-alone or portable apps forever and a day as well. On whichever OS and/or on a thumb-drive, shrugs.

In my view the whole root or sudo, one or other is kind of tarded. Mentioned I have/use both cause that's my preference but enabling/disabling (locking root acct) is a matter of secs or adding user with visudo/sudoers ... same. Each their own preference. One a MANY great things about gnu/Linux and Debian. You want it ? You can very likely have it really quickly. GOOGLE !

[Deb-fan]

LMFAO !!! Well was just a wee bit wrong on origins of sudo, per Wikipedia.

Robert Coggeshall and Cliff Spencer wrote the original subsystem around 1980 at the Department of Computer Science at SUNY/Buffalo.[10] Robert Coggeshall brought sudo with him to the University of Colorado Boulder. Between 1986 and 1993, the code and features were substantially modified by the IT staff of the University of Colorado Boulder Computer Science Department and the College of Engineering and Applied Science, including Todd C. Miller.[10] The current version has been publicly maintained by OpenBSD developer Todd C. Miller since 1994,[10] and has been distributed under a ISC-style license since 1999.[10]

Should've known originating something like sudo is wayyyy out of Canonical's league. They just likely popularized it, as they naturally assume a good chunk of their userbase are complete tektards and shouldn't have root access, LOL .. without imposing safe guards (training wheels etc) !!! Sad thing is they're right !

[Deb-fan]

WARNING POST CONTAINS ADULT HUMOR: If you can't handle such or your widdle feelers are easily hurt. Turn away from this post now !!!

HEY MAN, I've been using Ubuntu for 12yrs !!!

So that means you can turn your computer off now, without having to unplug it from the wall socket ?

[zoli62]

There are different Linux distros and there is Debian for everything.

[wizard10000]

In my view the whole root or sudo, one or other is kind of tarded.

My first wife was a tard. She's a pilot now.

[Deb-fan]

^ LMAO !! Gee thanks, that's a comforting thought. Looks up @ the ceiling. Was that a plane spiraling out of control towards my apartment ?

[wizard10000]

^ LMAO !! Gee thanks, that's a comforting thought. Looks up @ the ceiling. Was that a plane spiraling out of control towards my apartment ?

Actually that's a movie quote - Idiocracy. If you haven't seen it you're really missing out

[Deb-fan]

^ Hey will check it out. Hopefully available on YT. I must now take a break as I'm getting weird due to caffeine and sleep deprivation. I'd better sign off ! See ya later Wiz10k and fellow nixers. Tis movie time.

[hrsetrdr]

Sorry for posting up such an old thread, but this issue keeps nagging me for an answer. Since using Debian 10 I've noticed that using "sudo" has become the default now...apparently(?). I've been using Debian since Sarge was Stable, so this is unexpected...but maybe not, as Debian Wiki is saying:

Using sudo is better (safer) than opening a session as root for a number of reasons, including:

Nobody needs to know the root password (sudo prompts for the current user's password). Extra privileges can be granted to individual users temporarily, and then taken away without the need for a password change.

It's easy to run only the commands that require special privileges via sudo; the rest of the time, you work as an unprivileged user, which reduces the damage that mistakes can cause.
Auditing/logging: when a sudo command is executed, the original username and the command are logged.

For the reasons above, switching to root using sudo -i (or sudo su) is usually deprecated because it cancels the above features. https://wiki.debian.org/sudo/

No big deal, just curious.

[Onsemeliot]

I'm using Debian 10 (Buster) on different systems. And to my knowledge nothing has changed regarding the "sudo" command. You still can get it by not creating a root user. I think the installer is very clear about this. But as ever: you can only make an informed decision if you mindfully read what options the system offers you ...

And in general: I don't think distributions like Ubuntu are making much of a difference by using "sudo". Most users I know (and occasionally assist) don't want to use the terminal if they can somehow avoid it. The need to use the terminal is usually enough complication to shy away most people not interested in the inner workings of a system. Heck, most people just buy a new device if their system gets slow – without even asking if this could be overcome by some administration or other software. The question if their system could become more responsive by quicker storage or more memory isn't something most people would consider. Of course I am talking mostly about people who have always been limited by their proprietary systems where there actually often wasn't much you could do. At least in terms of optimisation on the system level.
People around me are obviously wealthy enough that buying new hardware isn't such a big deal. It is much more annoying for them to invest time than money.

[Head_on_a_Stick]

doas ftw!