Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Sudo or not sudo?
-
- Posts: 1101
- Joined: 2016-01-07 12:25
- Has thanked: 5 times
- Been thanked: 16 times
Re: Sudo or not sudo?
I can't directly answer your question but I just wanted to point out that sudo is the default if you do not enter a root password when installing.
Re: Sudo or not sudo?
I think you have to enter the root password during the installation, because it can't continue.Dai_trying wrote:I can't directly answer your question but I just wanted to point out that sudo is the default if you do not enter a root password when installing.
- Soul Singin'
- Posts: 1605
- Joined: 2008-12-21 07:02
Re: Sudo or not sudo?
Are you trying to start a flame war? This board used to have heated discussions on this topic.
Soul Singin' wrote:Using sudo to run a command as root is equivalent to logging into the root account and running that same command. Therefore, using sudo is certainly not safer than logging into the root account. In fact, one could argue that using sudo is less secure because people have a tendency to use easier passwords for their user account than they do for the root account.
So why does Ubuntu use sudo? My guess is that they are trying to make GNU/Linux easy for the new user, so they figure that it is easier to provide one username and password than it is to explain the separation of the user account from the root account.
In any case, their reasoning is so bad that I felt compelled to start a whole thread about it. See: sudo rm -rf Ubuntu.
That having been said, there are some legitimate uses for sudo. For example, you may want to give normal users the ability to shutdown or hibernate the computer. In such cases, you could add:
to your /etc/sudoers file. (Note: On my system, all users are in the guest group).Code: Select all
%guest ALL = NOPASSWD: /usr/sbin/hibernate %guest ALL = NOPASSWD: /sbin/shutdown
Alternatively, you may want to give user chris the power to run a command as user rich. For example, adding:
to the /etc/sudoers file would enable chris to run:Code: Select all
chris ALL = (rich) NOPASSWD: /usr/bin/whoami
Because chris would be using sudo to run whoami as rich, the output of the command would be: "rich."Code: Select all
sudo -u rich whoami
So go ahead and use sudo. Just be sure to limit the set of commands that the normal user may execute as root. For example, you should NOT allow a normal user to run an editor like Vi or Emacs as root.
Hope this helps,man sudoers wrote:PREVENTING SHELL ESCAPES
Once sudo executes a program, that program is free to do whatever it pleases, including run other programs. This can be a security issue since it is not uncommon for a program to allow shell escapes, which lets a user bypass sudo's access control and logging. Common programs that permit shell escapes include shells (obviously), editors, paginators, mail and terminal programs.
- Soul Singin'
Re: Sudo or not sudo?
Been biting my digi-tongue for this persons posts.
Gotta say, do your own homework and research dude !!! it's actually somewhat involved and I don't feel like typing a bk out so you don't have to find/read the already massive amounts of info on the topic yourself. After the kdesu thread, which again, not even touching it. You're obviously talking about using sudo to launch graphical apps-etc with privileges. Done right with the right flags/switches and some other associated junk, no problemo but again, am not attempting summarizing junk like this so you don't have to research and learn for yourself.
Gotta say, do your own homework and research dude !!! it's actually somewhat involved and I don't feel like typing a bk out so you don't have to find/read the already massive amounts of info on the topic yourself. After the kdesu thread, which again, not even touching it. You're obviously talking about using sudo to launch graphical apps-etc with privileges. Done right with the right flags/switches and some other associated junk, no problemo but again, am not attempting summarizing junk like this so you don't have to research and learn for yourself.
Most powerful FREE tech-support tool on the planet * HERE. *
-
- Posts: 677
- Joined: 2018-05-10 19:34
- Location: Some where out west
- Been thanked: 1 time
Re: Sudo or not sudo?
Because some users, like me , do not want to use "sudo" , those that do want to use it can install it and set it up if they so desire.zoli62 wrote:Why is it not preferable to use sudo by default in Debian?
Your thinking is wrong, maybe you should do some research, read some of the Debian documenation, but as Dai_trying said, if you don't set a root password, you will get sudo , no matter if you want it or not.zoli62 wrote:I think you have to enter the root password during the installation, because it can't continue.Dai_trying wrote:I can't directly answer your question but I just wanted to point out that sudo is the default if you do not enter a root password when installing.
Please Read What we expect you have already Done
Search Engines know a lot, and
"If God had wanted computers to work all the time, He wouldn't have invented RESET buttons"
and
Just say NO to help vampires!
Search Engines know a lot, and
"If God had wanted computers to work all the time, He wouldn't have invented RESET buttons"
and
Just say NO to help vampires!
Re: Sudo or not sudo?
Jebuz if you are talking about something else. Sheesh, folks have mentioned either option is readily available. For a long time have taken to setting up a root acct, as well as having a sudo user. Esp when someone hasn't learned what they're doing, they can bork-up sudo or visudo/sudoers and find themselves at that point unable to do things on the OS which require privileges. If someone has a root acct they can log into, it just makes it a bit easier to unbork w/o resorting to chroot or whatever. Lol .. OP you really seem to be the king of one liners, shrugs and PLONK !
Tired as hades and mentally worn out. Though again ... if all someone can muster when discussing or asking about a fairly complex technical subject is one liners. They/ye forceth my hand PlOnk ... PLonk, PLONkkkkkkkkkk, PlOnK !!!!
Most powerful FREE tech-support tool on the planet * HERE. *
Re: Sudo or not sudo?
All right, maybe it is. Does this mean that if you set the root password during the installation, the first user created during the installation will not be part of the sudo group? You will need to add him later to this group, which requires some caution under Debian 10, as you may not be successful at first.https://linuxconfig.org/command-not-fou ... -gnu-linux https://devconnected.com/how-to-add-a-u ... 10-buster/ At least that's what I experienced.cuckooflew wrote:Because some users, like me , do not want to use "sudo" , those that do want to use it can install it and set it up if they so desire.zoli62 wrote:Why is it not preferable to use sudo by default in Debian?Your thinking is wrong, maybe you should do some research, read some of the Debian documenation, but as Dai_trying said, if you don't set a root password, you will get sudo , no matter if you want it or not.zoli62 wrote:I think you have to enter the root password during the installation, because it can't continue.Dai_trying wrote:I can't directly answer your question but I just wanted to point out that sudo is the default if you do not enter a root password when installing.
Re: Sudo or not sudo?
Deb-fan wrote:Been biting my digi-tongue for this persons posts.
Gotta say, do your own homework and research dude !!! it's actually somewhat involved and I don't feel like typing a bk out so you don't have to find/read the already massive amounts of info on the topic yourself. After the kdesu thread, which again, not even touching it. You're obviously talking about using sudo to launch graphical apps-etc with privileges. Done right with the right flags/switches and some other associated junk, no problemo but again, am not attempting summarizing junk like this so you don't have to research and learn for yourself.
This topic is not about how to run graphical applications with root privilege. Rather, although Debian is becoming more beginner friendly, after a basic installation is done normally, the user wonders why he himself cannot do a system upgrade, for example. Well, because you are not a member of the sudo group by default, like this is common in other distros. Assigning a user to this group on a terminal in Debian 10 is not that easy, as the beginner / average user may encounter some error messages during the operation.
Re: Sudo or not sudo?
I do not want to launch flame war I just want to understand that while Debian is also moving towards becoming more beginner friendly, why not prefer sudo, as is usual in other distros. The issue is philosophical and theoretical rather than professional.Soul Singin' wrote:Are you trying to start a flame war? This board used to have heated discussions on this topic.
Soul Singin' wrote:Using sudo to run a command as root is equivalent to logging into the root account and running that same command. Therefore, using sudo is certainly not safer than logging into the root account. In fact, one could argue that using sudo is less secure because people have a tendency to use easier passwords for their user account than they do for the root account.
So why does Ubuntu use sudo? My guess is that they are trying to make GNU/Linux easy for the new user, so they figure that it is easier to provide one username and password than it is to explain the separation of the user account from the root account.
In any case, their reasoning is so bad that I felt compelled to start a whole thread about it. See: sudo rm -rf Ubuntu.
That having been said, there are some legitimate uses for sudo. For example, you may want to give normal users the ability to shutdown or hibernate the computer. In such cases, you could add:
to your /etc/sudoers file. (Note: On my system, all users are in the guest group).Code: Select all
%guest ALL = NOPASSWD: /usr/sbin/hibernate %guest ALL = NOPASSWD: /sbin/shutdown
Alternatively, you may want to give user chris the power to run a command as user rich. For example, adding:
to the /etc/sudoers file would enable chris to run:Code: Select all
chris ALL = (rich) NOPASSWD: /usr/bin/whoami
Because chris would be using sudo to run whoami as rich, the output of the command would be: "rich."Code: Select all
sudo -u rich whoami
So go ahead and use sudo. Just be sure to limit the set of commands that the normal user may execute as root. For example, you should NOT allow a normal user to run an editor like Vi or Emacs as root.
Hope this helps,man sudoers wrote:PREVENTING SHELL ESCAPES
Once sudo executes a program, that program is free to do whatever it pleases, including run other programs. This can be a security issue since it is not uncommon for a program to allow shell escapes, which lets a user bypass sudo's access control and logging. Common programs that permit shell escapes include shells (obviously), editors, paginators, mail and terminal programs.
- Soul Singin'
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: Sudo or not sudo?
Debian uses sudo by default unless a root password is provided.zoli62 wrote:Why is it not preferable to use sudo by default in Debian?
If it bothers you that much use this line in a preseed file:
Code: Select all
d-i passwd/root-login boolean false
deadbang
Re: Sudo or not sudo?
It's a matter of choice; however, a lot of new Debian users coming from Ubuntu to this place don't take long to discard sudo for su -, probably because sudo is not used in most topics so they end up doing the same.
Something I've noticed is sudo often gets thrown into commands unnecessarily as in, for example
$ sudo lspci
or when simulating a command like:
$ apt install -s vrms
I can't be bothered with sudo though I occasionally use it when some tutorial includes it but I put that down to laziness.
Nothing new under the sun, as the saying goes. This is like revisiting an old forum topic from ten years ago: Do you sudo?
But hey...what goes around comes around.
Something I've noticed is sudo often gets thrown into commands unnecessarily as in, for example
$ sudo lspci
or when simulating a command like:
$ apt install -s vrms
I can't be bothered with sudo though I occasionally use it when some tutorial includes it but I put that down to laziness.
Nothing new under the sun, as the saying goes. This is like revisiting an old forum topic from ten years ago: Do you sudo?
But hey...what goes around comes around.
Last edited by kedaha on 2019-11-10 12:08, edited 1 time in total.
DebianStable
Code: Select all
$ vrms
No non-free or contrib packages installed on debian! rms would be proud.
- wizard10000
- Global Moderator
- Posts: 596
- Joined: 2019-04-16 23:15
- Location: southeastern us
- Has thanked: 78 times
- Been thanked: 89 times
Re: Sudo or not sudo?
IME in the enterprise sudo is the method of choice; in the last three engagements I've worked you're simply Not Going To Get The Root Password.
Said it before, but when I worked for Department of Defense root passwords were stored in a safe, changed after each use and if you couldn't explain to IT Security a) why you needed to do it, and b) why you couldn't do it with sudo you weren't getting the password.
But - on their own machine I think people should use whatever they like
Said it before, but when I worked for Department of Defense root passwords were stored in a safe, changed after each use and if you couldn't explain to IT Security a) why you needed to do it, and b) why you couldn't do it with sudo you weren't getting the password.
But - on their own machine I think people should use whatever they like
we see things not as they are, but as we are.
-- anais nin
-- anais nin
-
- Posts: 677
- Joined: 2018-05-10 19:34
- Location: Some where out west
- Been thanked: 1 time
Re: Sudo or not sudo?
To be honest , since I do not usually use sudo, nor install it, I might be wrong. But yes, if I remember correctly, when I did some experimenting with that, I had set the root password as I normally do. Then later I installed sudo, and did need to also make the first user (or what ever users I wanted), after sudo is installed, the users that the admin wants to give sudo privileges must be added to the sudoers group.http://forums.debian.net/posting.php?mo ... 2#pr710672 ; by zoli62 » 2019-11-10 09:54 > Does this mean that if you set the root password during the installation, the first user created during the installation will not be part of the sudo group?
You should use "visudo" to do this , there are more details about the procedure available if one looks for them. You really should just read some documentation: (a good starting point: https://wiki.debian.org/sudo)
===========------ if you give root an empty password during installation, sudo will be installed and the first user will be able to use it to gain root access (currently, the user will be added to the sudo group). The system will also configure gksu and aptitude to use sudo. You should still verify group membership after logging in as the installed user.
It is simple and easy, but if it seems to complicated to you , perhaps you should use the MX :https://mxlinux.org/ distribution. Or any of the numerous others that install and set up sudo for you. As for encountering error messages, that is no big deal , fortunately there are error messages, and they usually help point you in the right direction. (Except when Gnome is involved, they just tell you "oh NO something went wrong")zoli62>> Assigning a user to this group on a terminal in Debian 10 is not that easy, as the beginner / average user may encounter some error messages during the operation.
Please Read What we expect you have already Done
Search Engines know a lot, and
"If God had wanted computers to work all the time, He wouldn't have invented RESET buttons"
and
Just say NO to help vampires!
Search Engines know a lot, and
"If God had wanted computers to work all the time, He wouldn't have invented RESET buttons"
and
Just say NO to help vampires!
Re: Sudo or not sudo?
Yes but there is another layer of security on the system, which is common on large systems, but still problematic. Large systems with multiple sudoers can certainly be a security risk. Administrators are moveing away from the practice, and/or adding a security layer, and/or technically limiting sudoer privileges per application across large networks, and/or running many non-risk administration tasks in user space instead, the security layer being vetted administrators.IME in the enterprise sudo is the method of choice; in the last three engagements I've worked you're simply Not Going To Get The Root Password
TC
You can't believe your eyes if your imagination is out of focus.
Re: Sudo or not sudo?
I started using Debian when sudo didn't even exist. When sudo started, I already found the attitude of Ubuntu strange, because it reminded me of Windows, where UAC is used. I think using sudo gives the average user a false sense of security. In my opinion, we should be operating on an operating system either as an administrator or as a normal user. If we choose the former, we must be aware of all the risks involved. The problem is that in many cases, operating systems can only run useful system-level commands as an administrator. However, this is difficult for a beginner to understand, so he asks a more knowledgeable person to configure his own computer, so he won't learn to use GNU / Linux.cuckooflew wrote:To be honest , since I do not usually use sudo, nor install it, I might be wrong. But yes, if I remember correctly, when I did some experimenting with that, I had set the root password as I normally do. Then later I installed sudo, and did need to also make the first user (or what ever users I wanted), after sudo is installed, the users that the admin wants to give sudo privileges must be added to the sudoers group.http://forums.debian.net/posting.php?mo ... 2#pr710672 ; by zoli62 » 2019-11-10 09:54 > Does this mean that if you set the root password during the installation, the first user created during the installation will not be part of the sudo group?
You should use "visudo" to do this , there are more details about the procedure available if one looks for them. You really should just read some documentation: (a good starting point: https://wiki.debian.org/sudo)===========------ if you give root an empty password during installation, sudo will be installed and the first user will be able to use it to gain root access (currently, the user will be added to the sudo group). The system will also configure gksu and aptitude to use sudo. You should still verify group membership after logging in as the installed user.It is simple and easy, but if it seems to complicated to you , perhaps you should use the MX :https://mxlinux.org/ distribution. Or any of the numerous others that install and set up sudo for you. As for encountering error messages, that is no big deal , fortunately there are error messages, and they usually help point you in the right direction. (Except when Gnome is involved, they just tell you "oh NO something went wrong")zoli62>> Assigning a user to this group on a terminal in Debian 10 is not that easy, as the beginner / average user may encounter some error messages during the operation.
- wizard10000
- Global Moderator
- Posts: 596
- Joined: 2019-04-16 23:15
- Location: southeastern us
- Has thanked: 78 times
- Been thanked: 89 times
Re: Sudo or not sudo?
True. IMO the whole purpose of sudo isn't to act as a replacement for the root account, but to provide limited access where required.trinidad wrote:Yes but there is another layer of security on the system, which is common on large systems, but still problematic. Large systems with multiple sudoers can certainly be a security risk. Administrators are moveing away from the practice, and/or adding a security layer, and/or technically limiting sudoer privileges per application across large networks, and/or running many non-risk administration tasks in user space instead, the security layer being vetted administrators.
we see things not as they are, but as we are.
-- anais nin
-- anais nin
-
- Posts: 1394
- Joined: 2007-03-04 21:10
- Location: U.S.A. - WI.
Re: Sudo or not sudo?
Just playing devils advocate here:cuckooflew wrote:Because some users, like me , do not want to use "sudo" , those that do want to use it can install it and set it up if they so desire.zoli62 wrote:Why is it not preferable to use sudo by default in Debian?
What makes YOUR use case more important than the person who wants to use sudo? It's easier to re-enable the root account than it is for a user to properly set up sudo. All you have to do is:
Code: Select all
$: sudo su -
#: passwd
Input a password 2X when prompted and done
fortune -o
Your love life will be... interesting.
How did it know?
The U.S. uses the metric system too, we have tenths, hundredths and thousandths of inches
Your love life will be... interesting.
How did it know?
The U.S. uses the metric system too, we have tenths, hundredths and thousandths of inches
Re: Sudo or not sudo?
Of course + 1 Wiz10k and somewhat the other guy. As realistically on a multiuser system what semi-competent admin is going to give out sudo access to very many people anyway. Certainly not jane/joe avg user. Of course think sudo is cool though. Actually going to have to research it's history now, believe it originated with Canonical Inc/Ubuntu or thereabouts. Now there are these flatpak, snaps etc things for users who wish to install whatever (is allowed) and only affects their user acct. Like many am resistant to it, like the trusted and managed repositories setup as it is, don't so much like these new deal thingys but do see some potential. Also occurred to me I've been doing much the same thing forever in gnu/Nix, Firefox from Mozilla, not installed nor managed by the OS's packaging tools. Have also used stand-alone or portable apps forever and a day as well. On whichever OS and/or on a thumb-drive, shrugs.
In my view the whole root or sudo, one or other is kind of tarded. Mentioned I have/use both cause that's my preference but enabling/disabling (locking root acct) is a matter of secs or adding user with visudo/sudoers ... same. Each their own preference. One a MANY great things about gnu/Linux and Debian. You want it ? You can very likely have it really quickly. GOOGLE !
In my view the whole root or sudo, one or other is kind of tarded. Mentioned I have/use both cause that's my preference but enabling/disabling (locking root acct) is a matter of secs or adding user with visudo/sudoers ... same. Each their own preference. One a MANY great things about gnu/Linux and Debian. You want it ? You can very likely have it really quickly. GOOGLE !
Most powerful FREE tech-support tool on the planet * HERE. *