HOWTO Setup sudo to Avoid Entering a Password

Share your own howto's etc. Not for support questions!
Message
Author
User avatar
TobiSGD
Posts: 859
Joined: 2010-05-08 22:27
Location: Hannover, Germany

Re: HOWTO Setup sudo to Avoid Entering a Password

#21 Post by TobiSGD »

ziggybopbopdoo wrote:I am the only user so no need for restricting which commands I can use.
A common misconception. You are not, as long as your system is connected to the web and you are running a browser without add-ons like Noscript.

User avatar
saulgoode
Posts: 1545
Joined: 2007-10-22 11:34

Re: HOWTO Setup sudo to Avoid Entering a Password

#22 Post by saulgoode »

dilberts_left_nut wrote:It is simply information (also available elsewhere) that some may find useful.
Agreed. And the information is not wrong and, in certain scenarios, not even misguided.
dilberts_left_nut wrote:I question exactly *which* situations would call for it, but that may be just me...
I have in the past used a development account set up to permit passwordless sudo. I never browsed the web with this account, in fact the only thing I used it for was compiling software and building packages. This approach allowed me to retrieve and compile software as an unprivileged user, and easily use 'sudo' to change permissions and ownerships when building a package, as well as installing or upgrading the package (and in a situation where the act of entering your password has the potential of it being intercepted, limiting how often it is required can prove beneficial).

This still opened a vulnerability should the compile scripts attempt to perform sudo, however, if any upstream provider ever tried such a thing it would be unlikely to go unnoticed (to put it mildly).

To be sure, I no longer bother to do this as it just was not worth the effort to set up and I no longer have to worry about someone looking over my shoulder as I work.
dilberts_left_nut wrote:You say you don't intentionally run malware, but would not a browser expolit script (which you may not intentionally run) also get root rights by simply invoking sudo?
This would be my greatest concern for the approach proposed by the OP. I wouldn't even feel comfortable with the sudo password being retained for any length of time (I understand Ubuntu keeps it around for fifteen minutes), as during that interval, an exploit might occur while browsing.

Personally, I would recommend against giving any regular user account full root privileges through sudo, even with a password. The only reason to give an account full root privileges through sudo is if the account is for administrative purposes and then the user should only use this sudo-enabled account as though it were root -- only logging into it to do administration, and logging into a separate, regular account for web-browsing and other ordinary activities.
Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -- Brian Kernighan

ziggybopbopdoo
Posts: 107
Joined: 2014-01-25 21:27

Re: HOWTO Setup sudo to Avoid Entering a Password

#23 Post by ziggybopbopdoo »

If a system can be exploited via the web then it can be exploited regardless of whether sudo is even installed or how it is configured.

To my knowledge all client side scripts are sandboxed by the browser to keep them from being able to execute any sort of system commands anyway. If someone could crack this then I don't really thinking escalating privys would be a problem for them with or without sudo.

Even if malicious code was deliverd via a browser and could somehow run system commands then considering the default timeout behavior of sudo it could simply try over and over until you actually use sudo for something and then it will run without requiring a password the same as if you had sudo setup without a password.

So once again, I just cannot make myself get very upset over a sudo setup that doesn't request a password.

All that being said, I don't think most single user systems need sudo at all. In fact I do not recommend sudo unless it cannot be avoided. Heck, a user having access to ALL the commands actually creeps me out more than not requesting a password to use those commands.

Of course I could be totally wrong and I welcome someone to prove that I am. I welcome a practical example that I can upload to my web server and try out for myself.


ps - running client side scripts does not magically make my single user system into a multi user system TobiSGD Talk about a misconception.

User avatar
saulgoode
Posts: 1545
Joined: 2007-10-22 11:34

Re: HOWTO Setup sudo to Avoid Entering a Password

#24 Post by saulgoode »

ziggybopbopdoo wrote:To my knowledge all client side scripts are sandboxed by the browser to keep them from being able to execute any sort of system commands anyway. If someone could crack this then I don't really thinking escalating privys would be a problem for them with or without sudo.
Year after year, ways of bypassing browser sandboxing have been demonstrated. Escalation of privileges is a separate problem and much easier to defend against, and the core system is already designed to address this (with forty years of history behind it), assuming that you use the system in a manner that doesn't intentionally bypass the protections available.
ziggybopbopdoo wrote:Even if malicious code was deliverd via a browser and could somehow run system commands then considering the default timeout behavior of sudo it could simply try over and over until you actually use sudo for something and then it will run without requiring a password the same as if you had sudo setup without a password.
Which is why a security conscious user should consider configuring sudo so as to not retain password for any time whatsoever (i.e., use a timestamp_timeout of "0"). Better still, don't browse the web from a sudo-privileged account.
Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -- Brian Kernighan

ziggybopbopdoo
Posts: 107
Joined: 2014-01-25 21:27

Re: HOWTO Setup sudo to Avoid Entering a Password

#25 Post by ziggybopbopdoo »

saulgoode wrote: Year after year, ways of bypassing browser sandboxing have been demonstrated.
I am not really sure how applicable that is in this context. I guess it might be depending on which contest/day you are speaking of. If you wish to elaborate we could dig in further and see if we can find out the details. But considering that the laptop running Ubuntu was not exploited, while circumstantial, that seems to say something siginificant I think.

I also am not sure that the targets in that contest are representative of a user sitting at home behind a ISP device, a personal router, and a software firewall (if installed).

I think my conclusion remains the same or near about. If a user isn't security conscious then passwordless sudo is the least of their problems.
Last edited by ziggybopbopdoo on 2014-01-27 20:15, edited 1 time in total.

User avatar
ComputerBob
Posts: 1199
Joined: 2007-11-30 04:49
Location: The Beautiful Sunshine State

Re: HOWTO Setup sudo to Avoid Entering a Password

#26 Post by ComputerBob »

Randicus wrote:But if that person does something that is incorrect, unwise, foolish or stupid, that person should not give others instructions to do the same. Posts like the OP are an argument for guides to need a moderator's permission before being added to the how-to section.
I like that idea.
ComputerBob - Making Geek-Speak Chic (TM)
ComputerBob.com - Nearly 6,000 Posts and 22 Million Views
My Ministry
My Massive Stroke
_________________
Your Life Matters

ziggybopbopdoo
Posts: 107
Joined: 2014-01-25 21:27

Re: HOWTO Setup sudo to Avoid Entering a Password

#27 Post by ziggybopbopdoo »

ComputerBob wrote: I like that idea.
I do too. All that needs to be done now is to prove it is incorrect, unwise, foolish, or stupid.

User avatar
TobiSGD
Posts: 859
Joined: 2010-05-08 22:27
Location: Hannover, Germany

Re: HOWTO Setup sudo to Avoid Entering a Password

#28 Post by TobiSGD »

ziggybopbopdoo wrote:All that being said, I don't think most single user systems need sudo at all. In fact I do not recommend sudo unless it cannot be avoided. Heck, a user having access to ALL the commands actually creeps me out more than not requesting a password to use those commands.
It depends. If you use sudo for its main purpose, giving certain users well defined access rights to certain programs, there is nothing wrong with using sudo, even on a single user system. For example, you might use the root account for system administration, but may have set up sudo to allow the normal user to loop-mount ISO images.
ps - running client side scripts does not magically make my single user system into a multi user system TobiSGD Talk about a misconception.
If a third party is able to run code on your system without your consent, how would you call that? I would say that you are not the only user of that system in that case.

User avatar
Hallvor
Posts: 1175
Joined: 2009-04-16 18:35
Location: Kristiansand, Norway
Has thanked: 3 times
Been thanked: 2 times

Re: HOWTO Setup sudo to Avoid Entering a Password

#29 Post by Hallvor »

ComputerBob wrote:
Randicus wrote:But if that person does something that is incorrect, unwise, foolish or stupid, that person should not give others instructions to do the same. Posts like the OP are an argument for guides to need a moderator's permission before being added to the how-to section.
I like that idea.
People should always have the freedom to do even stupid things on their own systems. I don't believe in babysitting/cencoring someone into becoming responsible. If you give new users freedom and knowledge, responsibility will grow.

As long as bad advice gets shot down within reasonable time and within the same thread, I don' t see any problem.
Lenovo ThinkPad T440S, Intel Core i7-4600U CPU @ 2.10GHz, 8 GB RAM, 256 GB SSD, Debian Bullseye (KDE)
Lenovo ThinkPad X240, Intel Core i5-4300U CPU @ 2.90GHz, 8 GB RAM, 120 GB SSD, Debian Bullseye (KDE)

confuseling
Posts: 2143
Joined: 2009-10-21 01:03

Re: HOWTO Setup sudo to Avoid Entering a Password

#30 Post by confuseling »

If this thread proves anything, it's that there isn't universal agreement about best practices and acceptable levels of security. Better to have the discussion in the open, I reckon.
ziggybopbopdoo wrote: ...
I think my conclusion remains the same or near about. If a user isn't security conscious then passwordless sudo is the least of their problems.
Also, if the user isn't savvy enough to read the whole thread before implementing a how-to (or for long ones, at least enough to get a sense of any controversy), they're lost before they started.
The Forum's search box is terrible. Use site specific search, e.g.
https://www.google.com/search?q=site%3A ... terms+here

ziggybopbopdoo
Posts: 107
Joined: 2014-01-25 21:27

Re: HOWTO Setup sudo to Avoid Entering a Password

#31 Post by ziggybopbopdoo »

TobiSGD wrote:If you use sudo for its main purpose, giving certain users well defined access rights to certain programs,

If the main purpose was well defined access to certain programs by certain users then sudo would of never been designed with the ALL keywords. It's main purpose is simply to allow users to run system commands without having the root password.
there is nothing wrong with using sudo, even on a single user system.
I didn't say there was anything wrong with using sudo on a single user system. Maybe you missed the discussion so far but I have been for sudo if a user wants it. I am even for sudo that doesn't ask for a password. If a user wants the convenience of sudo I would think that at least some of them would want the added convenience of it not bothering them for a password.

What I said was that most single users systems do not need sudo at all. In other words, sudo is not necessary. I could of said that NO single user systems need sudo and it still would of been true.

Now if we are looking at it from a security standpoint then it is never prudent to have packages installed that are not needed. Having packages installed that aren't needed adds attack vectors for no reason. So just installing sudo is a risk, not configuring it to be more secure is a risk, and having it not ask for a password is a risk. A user should be free to pick his own risk level.

Now if a user suggested something risky AND stated it was fine for everyone to do then that would be inaccurate info and should be corrected. But the OP just stated information. In fact he simply posted a perfectly valid configuration. He didn't suggest it was for everyone or even anyone. So to me there was nothing to correct in that regard. I did add that visudo should be used and that it was important to understand the (ALL:ALL) part but I consider those to be additions rather than corrections.

For example, you might use the root account for system administration, but may have set up sudo to allow the normal user to loop-mount ISO images.
But that doesn't mean you need sudo, it simply means you choose to use sudo. And anyway, why on earth would a user want to type sudo to mount a iso image rather than just su'ing to root and mounting an iso image or using su -c to mount it?

If a third party is able to run code on your system without your consent, how would you call that? I would say that you are not the only user of that system in that case.
It isn't without my consent. I consented when I opened my browser and chose to allow it to do what it does. Anything it runs is actually me doing it. It is me running a program whose function is to run scripts, interpret markup, display images, play media, etc.

Hallvor wrote: As long as bad advice gets shot down within reasonable time and within the same thread, I don' t see any problem.
Exactly. and the OP did not even offer any advice to correct. Nobody said to do anything. They only offered a way of doing something. Only those looking a way to do this would be doing it anyway. Those people have already decided to take the risk, better to instruct/guide them in that risk than to leave them to figure it out for themselves.
confuseling wrote:If this thread proves anything, it's that there isn't universal agreement about best practices and acceptable levels of security.
I would hope that every user decides their own acceptable level of security.

User avatar
saulgoode
Posts: 1545
Joined: 2007-10-22 11:34

Re: HOWTO Setup sudo to Avoid Entering a Password

#32 Post by saulgoode »

AN0NYM0US wrote:
TobiSGD wrote:If you use sudo for its main purpose, giving certain users well defined access rights to certain programs,

If the main purpose was well defined access to certain programs by certain users then sudo would of never been designed with the ALL keywords. It's main purpose is simply to allow users to run system commands without having the root password.
The main purpose of sudo was to facilitate the task of administering Unix systems, particularly in larger enterprise environments. Providing well defined, limited access rights to certain programs was part of this -- you might want to give a technician tasked with doing weekly backups access to the tape drives and updating the logs, but not provide him access to the employment records of everybody in the company.

Another (important) part of sudo's utility -- and this is where the ALL and NOPASSWORD keywords come into play -- was in simplifying the task of running an IT staff comprising multiple administrator accounts, without all staff members sharing the same account and password. Sudo makes it quite trivial to add and remove fully-privileged administrators in such a scenario. Nota bene, these were to be dedicated administrator accounts and only intended to be logged into while performing administrative activities.

I personally think it entirely accurate to characterize the granting of ALL privileges to an account that is otherwise being used for normal, regular-user computing activities to be a "bastardization" of the original purpose of sudo, and doing so with a NOPASSWORD option to be downright foolhardy.
Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -- Brian Kernighan

User avatar
TobiSGD
Posts: 859
Joined: 2010-05-08 22:27
Location: Hannover, Germany

Re: HOWTO Setup sudo to Avoid Entering a Password

#33 Post by TobiSGD »

ziggybopbopdoo wrote:
TobiSGD wrote:If you use sudo for its main purpose, giving certain users well defined access rights to certain programs,

If the main purpose was well defined access to certain programs by certain users then sudo would of never been designed with the ALL keywords. It's main purpose is simply to allow users to run system commands without having the root password.
Funnily, this argument works in the same way the other way around, and even better. If the main purpose of sudo would have been to simply allow users to run system commands without having the root password the original authors simply would have omitted to implement all the complicated stuff about restricting access to certain programs. They would have simply implemented the ALL option and were done.

ziggybopbopdoo
Posts: 107
Joined: 2014-01-25 21:27

Re: HOWTO Setup sudo to Avoid Entering a Password

#34 Post by ziggybopbopdoo »

saulgoode wrote: The main purpose of sudo...
I consider the purpose of a tool to be the core function of the tool, what the tool actually does, the action it performs.

How someone uses a tool and/or what they use the tool for is simply use case scenarios. Any function beyond the core function has to do with configuration and options.

But I misspoke, I should of said it's main purpose (function) is to allow users to run commands as another user. I used a use case to represent the basic function and it was a poor choice as it also represents more function than the main one.
saulgoode wrote: The main purpose of sudo was to facilitate the task of administering Unix systems, particularly in larger enterprise environments.
That describes how someone might use the tool.
Providing well defined, limited access rights to certain programs was part of this -- you might want to give a technician tasked with doing weekly backups access to the tape drives and updating the logs, but not provide him access to the employment records of everybody in the company.
Another way.
Another (important) part of sudo's utility -- and this is where the ALL and NOPASSWORD keywords come into play -- was in simplifying the task of running an IT staff comprising multiple administrator accounts, without all staff members sharing the same account and password. Sudo makes it quite trivial to add and remove fully-privileged administrators in such a scenario. Nota bene, these were to be dedicated administrator accounts and only intended to be logged into while performing administrative activities.
Another.
I personally think it entirely accurate to characterize the granting of ALL privileges to an account that is otherwise being used for normal, regular-user computing activities to be a "bastardization" of the original purpose of sudo, and doing so with a NOPASSWORD option to be downright foolhardy.
I am glad we agree regarding the risk of the NOPASSWD option. As I stated earlier I consider installing sudo to be somewhat foolhardy(risky), not configuring it to be more secure than it is by default to be foolhardy(risky), and using the NOPASSWD option to be foolhardy(risky). I guess I am the more security concious user here. To do any of those increases risk. To not do the second one is as risky as the third since you would be unaware of any dangerous defaults and it would, at least after use of sudo, be operating as if the NOPASSWD option had been used until the timeout expired.

That being said I have no issue with anyone assuming any of these risks. It isn't my place to do so. Now if they were to recommend/suggest/encourage someone else to take a risk, then I would feel free to recommend/suggest/encourage otherwise.

Now you are speaking of ORIGINAL purpose? Was that a slip of the keyboard or did you mean to differentiate that from your earlier use of the phrase "main purpose"?

How can it be bastardization if the feature/option is programmed by the developer? When you configure other utilites do you also consider that to be bastardization as well? When you use options that are programmed into software are you bastardizing it as well? Because that is all this is about is options and configurations. The developer/contributer programmed it this way. You are saying that using a programs options is bastardization?

To me the only way to truly bastardize software would be to modify source in order to change it so that it does something different that what was programmed originally. In that way you would be corrupting, debaseing, changing the purpose and that would be bastardization.


TobiSGD wrote: Funnily, this argument works in the same way the other way around, and even better. If the main purpose of sudo would have been to simply allow users to run system commands without having the root password the original authors simply would have omitted to implement all the complicated stuff about restricting access to certain programs. They would have simply implemented the ALL option and were done.
As previously mentioned, I misspoke. I should of said it's main purpose (function) is to allow users to run commands as another user. In the heatof the moment I used a use case to represent the basic function and it was a poor choice as it also represents more function than the main one.

ziggybopbopdoo
Posts: 107
Joined: 2014-01-25 21:27

Re: HOWTO Setup sudo to Avoid Entering a Password

#35 Post by ziggybopbopdoo »


TO SUMMARIZE:


If you are reckless in regards to security then you might as well do this.

If you care about the security of your system you would never do this.



Big round of applause to all participants and awards to those with good arguements!

User avatar
emorgan33
Posts: 6
Joined: 2014-02-07 04:57

#36 Post by emorgan33 »

So a quick question for you guys: am I leaving a gigantic security hole open for my system by using an account with administrator rights all of the time?

Sent from my C5155 using Tapatalk

User avatar
dilberts_left_nut
Posts: 5127
Joined: 2009-10-05 07:54
Location: enzed
Been thanked: 1 time

Re:

#37 Post by dilberts_left_nut »

emorgan33 wrote:So a quick question for you guys: am I leaving a gigantic security hole open for my system by using an account with administrator rights all of the time?
Yes.
AdrianTM wrote:There's no hacker in my grandma...

dzz
Posts: 257
Joined: 2007-02-05 20:39
Location: Devon, England

Re: HOWTO Setup sudo to Avoid Entering a Password

#38 Post by dzz »

why on earth would a user want to type sudo to mount a iso image
Maybe because that user did not know "fuseiso" does just that without needing root at all!

User avatar
bchat
Posts: 10
Joined: 2013-12-18 00:25
Location: Ohio, USA

Re: HOWTO Setup sudo to Avoid Entering a Password

#39 Post by bchat »

I just noticed the discussion here and it is very good. Maybe I should have stated that I wouldn't recommend this setup in a production/enterprise environment. I use this setup on computers that I own personally and do with them as I choose. If I wanted to be forced to use a computer in a particular way that someone else decided on regardless of whether it is practical or not, I would use a Windows 8 machine. If using Linux meant giving up my freedom, I would not use it.

This is what it comes down to for me:

Typing in a password every time I run a root command is a wasteful use of my time. It's annoying. More annoying than Windows' security pop-ups for Administrator access. I don't want to be annoyed when I use my Linux machine. It defeats the purpose.

If you really want your computer to be secure, then you should unplug the power cord from the wall. With the power cord unplugged, no unauthorized person or program can access it. It is perfectly secure. On the other hand, if you actually want to be able to USE your computer, you're going to have to make some compromises in terms of security.

Even if you use a password with sudo, someone else could learn it by watching you type it. So to get around that problem, you should really use a keyboard that doesn't have any letters printed on the keyboard, so no one can see what letters your typing. But, then someone could have memorized the key positions, so actually you should really get an invisible keyboard. THEN your computer will be truly secure.

Perhaps you can see how ridiculous this can get. At some point you have to make a compromise between security and usability. This is mine: I am not going to constantly type my password into my computer every time I run a command. You can if you want to.

Also, I do want to use sudo because it helps me recognize when I'm typing a dangerous command.
PowerBook G4 15" Aluminum / 1.5 GHz PowerPC 7447a (32-bit) CPU with AltiVec Velocity Engine / 1 GB RAM / ATI Mobility Radeon 9700 (4X AGP) 64 MB
Debian Wheezy 7.8 ONLY / Gnome 3.4.2 Fallback Mode
$50 complete system cost

confuseling
Posts: 2143
Joined: 2009-10-21 01:03

Re: HOWTO Setup sudo to Avoid Entering a Password

#40 Post by confuseling »

bchat wrote:I just noticed the discussion here and it is very good. Maybe I should have stated that I wouldn't recommend this setup in a production/enterprise environment. I use this setup on computers that I own personally and do with them as I choose. If I wanted to be forced to use a computer in a particular way that someone else decided on regardless of whether it is practical or not, I would use a Windows 8 machine. If using Linux meant giving up my freedom, I would not use it.
This argument is empty.

When you buy a drill with a fuse in, do you remove it and replace it with a bit of wire?

Why should anyone impinge on your freedom to run whatever current you feel like through your tools?
bchat wrote: This is what it comes down to for me:

Typing in a password every time I run a root command is a wasteful use of my time. It's annoying. More annoying than Windows' security pop-ups for Administrator access. I don't want to be annoyed when I use my Linux machine. It defeats the purpose.
I probably update my system once a week or so... I install things irregularly too - maybe again once a week on average? How many times can you possibly be typing your password?
The Forum's search box is terrible. Use site specific search, e.g.
https://www.google.com/search?q=site%3A ... terms+here

Post Reply