Suggestion: Sudo in standart installation

[DingoBoy]

Pretty simple:
Is there any specific installation that a default-configured sudo option is only avaliable in the expert install? I believe it would be a good option to include directly in the normal install, because, I hope we agree, sudo is much safer.

Is there any specific reason this has been left out? If it is a very tricky thing to do, I apologise for my ignorance.

Just curious.

Comradely, DingoBoy.

[Telemachus]

Pretty simple:
Is there any specific installation that a default-configured sudo option is only avaliable in the expert install? I believe it would be a good option to include directly in the normal install, because, I hope we agree, sudo is much safer.

Ah, but there's the rub. We don't agree: sudo is not much safer.

It's easy to install, if you want it. Just use your favorite package manager and install sudo. Then use the helper program visudo to set it up.

[saulgoode]

The "default configuration" of SUDO is to behave as though SUDO was not installed (i.e., no privileges granted except to root). I don't see any real problem were SUDO to be automatically installed using this configuration, but I also don't see much point.

[BioTube]

I don't see how sudo is much safer if abused to be an alternative to su. It is meant to allow people who need to do certain things root privileges FOR THOSE THINGS ONLY(hence why the root password isn't asked for). For example, I have a script that takes down a network interface and brings it back up; I use sudo(and a wrapper script) to allow the other users of this machine to use it without problem(note that sudo's configured to only let them run the script, not ifupdown). Using sudo to replace su is just asking to get your system shot to hell since malware just has to put itself in a loop, periodically trying sudo until you do something requiring admin rights and therefore allowing the malware the ability to cripple your system without so much as your password. You can configure sudo to always require a password, but then it's little different than su -c 'command'.

[didi]

I think it would be a very bad idea.

Sudo is meant to be used in a specific way, like BioTube described, to grant normal users privileges to a command which normally requires root access.
It is not meant as a replacement for the root account, even though Ubuntu makes you think otherwise. The Ubuntu way is WRONG as it makes it's users forget the importance of security, since most of it's users grant all root privileges to all users.
Linux is so secure because when you are going to make system-wide changes you need root access, which is a good reminder that you're going to do sth significant to your system and you should be careful what you're doing.
Ubuntu's use of sudo pretty much negates that, by not 'bothering' you with such issues as security

Sudo is a very powerfull and useful tool and they even recommend it's use in Linux Administration Handbook (2nd edition), but only in the way it was meant to be used:

Provide limited super user privileges to specific users
Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is
to give as few privileges as possible but still allow people to get their work done.

Ppl who realize that will know that all they have to do is

Code: Select all

aptitude install sudo

to get what they want.
Including it in the default install encourages the wrong way to use sudo, so that's why I think it's a bad idea.

[infinitycircuit]

Pretty simple:
Is there any specific installation that a default-configured sudo option is only avaliable in the expert install? I believe it would be a good option to include directly in the normal install, because, I hope we agree, sudo is much safer.

Is there any specific reason this has been left out? If it is a very tricky thing to do, I apologise for my ignorance.

Just curious.

Comradely, DingoBoy.

A default-configured sudo in the expert install comes at the expense of not configuring the root account. This is unacceptable.

[BioTube]

I've always found sudo to be installed by default, just configured for root alone. The fact that debian-installer will disable the root account should be corrected forthwith.

[infinitycircuit]

Sudo is neither priority required not important. It is brought in by the Desktop task as a dependency of gksu.

[BioTube]

Ahhh... I get it now - I install gparted as a matter of course(wasn't there a qtparted? I remember running into some monstrosity by that name) and it pulls in sudo.

[Jackiebrown]

I use it the way BioTube does - for very specific apps.

The difference is, no one else uses my machine so its mainly one or two apps that I use multiple times a day or for a script.

I think the only one set right now is make (which is probably one of the more dangerous ones to set, but since I compile KDE daily, I was willing to sacrifice risk it versus going into my bash history and deleting it every time I type the password to quick after typing su.

[infinitycircuit]

I only use sudo for cowbuilder so that git-buildpackage can be run without babysitting. The difference between typing su root -c and sudo is infinitesimal anyway.

[didi]

We will try to ensure that software is configured for the most common desktop use. For instance, the regular user account added by default during installation should have permission to play audio and video, print, and manage the system through sudo.

Looks kind of official and kind of scary ...

[Jackiebrown]

That page was for when sarge was the testing branch.

[mzilikazi]

Personally I won't use sudo at all. I just don't see any point not to mention the complete and total lack of securty it creates. I've never booted Ubuntu. What happens if you do this?

Code: Select all

sudo rm -rf /some/dir

(Don't try this at home boys & girls)
Would it nuke your entire dir?

[BioTube]

If you're stupid enough to abuse it Ubuntu-style. An intelligent admin would never give a user 'sudo' rights to rm.

[Telemachus]

Personally I won't use sudo at all. I just don't see any point not to mention the complete and total lack of securty it creates. I've never booted Ubuntu. What happens if you do this?

Code: Select all

sudo rm -rf /some/dir

(Don't try this at home boys & girls)
Would it nuke your entire dir?

I'm not sure I follow your argument. Assume you are using Ubuntu: after you type that command, you still have to enter a password. Ubuntu is not set to allow password-free superuser privileges to regular users. One gotcha, however, is that I believe the default in Ubuntu is a 15 minute no-password period, after you enter your pass. That is, every subsequent sudo command for the next 15 minutes does not require a password. That's a very poor default, I think.

That said, in Debian what's to stop me from entering this?

Code: Select all

su -c 'rm -rf /some/dir'

The only difference is that after I type that, I need to enter a root password rather than my regular user password. I agree that this is somewhat more secure, but it isn't night and day.

[mzilikazi]

That said, in Debian what's to stop me from entering this?

Code: Select all

su -c 'rm -rf /some/dir'

The only difference is that after I type that, I need to enter a root password rather than my regular user password. I agree that this is somewhat more secure, but it isn't night and day.

The difference is that you have a user & root and only root can do those sorts of things. Keep in mind that not evey system has only one user.

That 15 minutes of no sudo password....yeah that wouldn't be secure at all (if that is in fact how it works).

Personally, I always thought it much faster to just get root and do what it is you have to do rather than typing sudo each time.

[Telemachus]

That 15 minutes of no sudo password....yeah that wouldn't be secure at all (if that is in fact how it works).

Not secure and not smart. It's a default setting on at least two distros that I know of (Ubuntu, Mac OS X), but it's easily changed. On the other hand, many of the people using those distros don't know how to change it.

[bugsbunny]

That 15 minutes of no sudo password....yeah that wouldn't be secure at all (if that is in fact how it works).

Not secure and not smart. It's a default setting on at least two distros that I know of (Ubuntu, Mac OS X), but it's easily changed. On the other hand, many of the people using those distros don't know how to change it.

Debian's default is also 15 minutes.

[Telemachus]

That 15 minutes of no sudo password....yeah that wouldn't be secure at all (if that is in fact how it works).

Not secure and not smart. It's a default setting on at least two distros that I know of (Ubuntu, Mac OS X), but it's easily changed. On the other hand, many of the people using those distros don't know how to change it.

Debian's default is also 15 minutes.

Maybe 15 minutes is the default sudo default. That is, if sudo is installed, a 15 minute time per entry of password is the default.