Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Root Disabled vs SUDO Disabled?
-
- Posts: 1
- Joined: 2018-03-02 01:30
Root Disabled vs SUDO Disabled?
The Debian installer gives the choice to create a root password or not. If not, the root account is disabled and sudo is enabled for the primary user account. Which choice is preferred? Is it more secure to keep the root account disabled?
- GarryRicketson
- Posts: 5644
- Joined: 2015-01-20 22:16
- Location: Durango, Mexico
Re: Root Disabled vs SUDO Disabled?
I all ways set a root password. I never use "sudo", I did not know Debian had started installing sudo in a default install, I think it is Ubuntu that does that for you, but I might be wrong, never have really used it, but way back a long time ago when I tried xubuntu , that is where I saw they use sudo.
If using sudo gives you all of same permissions root has, then it is not any more secure, any user in the sudo group could do the same amount of damage, or administration.
From what I have seen on this forum, these "super user do" folks , have a lot of problems, when they do not set a root password, and then they find they do not have access to system files they need to work with. So I would think it would be wise to set a root password, and a good one, and then keep it in a safe place, in case you do need it. And then be very care full about which users you put in the sudo group, ...
I suppose , in some ways it might be, but How will you administer the system with out a root account ?Amandaville » Is it more secure to keep the root account disabled?
If using sudo gives you all of same permissions root has, then it is not any more secure, any user in the sudo group could do the same amount of damage, or administration.
From what I have seen on this forum, these "super user do" folks , have a lot of problems, when they do not set a root password, and then they find they do not have access to system files they need to work with. So I would think it would be wise to set a root password, and a good one, and then keep it in a safe place, in case you do need it. And then be very care full about which users you put in the sudo group, ...
"What we expect you have already Done"
==========
Old Website
======================
For the Birds
==================
What Does a Parrot Know About PTSD?
==========
Old Website
======================
For the Birds
==================
What Does a Parrot Know About PTSD?
Re: Root Disabled vs SUDO Disabled?
I do far less as root when using sudo for the commands really needing superpowers only instead of constantly switching to a root shell and I think that's good.
Sure my root still has a password but using that is "plan b".
Sure my root still has a password but using that is "plan b".
"I have a natural instinct for science" — DJ Trump.
"Vrijdag voor VT100!" — Yeti.
"There is no PLANET-B!" — ???
"Vrijdag voor VT100!" — Yeti.
"There is no PLANET-B!" — ???
Re: Root Disabled vs SUDO Disabled?
i was wondering too.GarryRicketson wrote:I did not know Debian had started installing sudo in a default install, I think it is Ubuntu that does that for you
has this changed recently?
or is op really talking about *butnut?
Re: Root Disabled vs SUDO Disabled?
It is in expert installs.GarryRicketson wrote:I did not know Debian had started installing sudo in a default install, I think it is Ubuntu that does that for you
Cant attach a screenshot of the installer in Qemu... :-( because the forum wrote:Sorry, the board attachment quota has been reached.
"I have a natural instinct for science" — DJ Trump.
"Vrijdag voor VT100!" — Yeti.
"There is no PLANET-B!" — ???
"Vrijdag voor VT100!" — Yeti.
"There is no PLANET-B!" — ???
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 132 times
Re: Root Disabled vs SUDO Disabled?
I remove sudo from my systems then lock the root account and add these lines to /etc/pam.d/su{,-l}:
I then create the wheel group and add my main user (only!):
That allows my user to `su` to root without a password with no other method of obtaining root privileges available on that box.
APT has a complete fit when you ask it to remove sudo with the root account locked, it's really funny
Code: Select all
auth required pam_wheel.so use_uid
auth sufficient pam_wheel.so trust use_uid
Code: Select all
# groupadd wheel
# gpasswd -a $USER wheel
APT has a complete fit when you ask it to remove sudo with the root account locked, it's really funny
deadbang
- GarryRicketson
- Posts: 5644
- Joined: 2015-01-20 22:16
- Location: Durango, Mexico
Re: Root Disabled vs SUDO Disabled?
No need for the screen shot, I believe you, but for future reference:Cant attach a screenshot of the installer in Qemu...
because the forum wrote:
Sorry, the board attachment quota has been reached.
Attachments, How to post a screen shot and use code boxes
"What we expect you have already Done"
==========
Old Website
======================
For the Birds
==================
What Does a Parrot Know About PTSD?
==========
Old Website
======================
For the Birds
==================
What Does a Parrot Know About PTSD?
Re: Root Disabled vs SUDO Disabled?
Also it could be added to all those points there that it is possible to give sudo for a set temporary time period then have it expire (or even expire the entire account), but it is harder to give full root access to some one and then take that back somehow. Furthermore, with sudo actions will be logged under the name of the user, whereas if you pass out root then all will be marked as root and it will be harder to say later on who did what and when. But when you are the only user of the machine it does not matter and I feel that using sudo gives little to no benefit.
Re: Root Disabled vs SUDO Disabled?
i always go the way of root password
i'm pretty sure it was the recommend way and i would be a bit surprised it it still wasn't
edit - i do enable sudo though after install. but i sett it to always ask for root password rather than user password
i'm pretty sure it was the recommend way and i would be a bit surprised it it still wasn't
edit - i do enable sudo though after install. but i sett it to always ask for root password rather than user password
Desktop: A320M-A PRO MAX, AMD Ryzen 5 3600, GALAX GeForce RTX™ 2060 Super EX (1-Click OC) - Sid, Win10, Arch Linux, Gentoo, Solus
Laptop: hp 250 G8 i3 11th Gen - Sid
Kodi: AMD Athlon 5150 APU w/Radeon HD 8400 - Sid
Laptop: hp 250 G8 i3 11th Gen - Sid
Kodi: AMD Athlon 5150 APU w/Radeon HD 8400 - Sid