Announcement

**penguin.ch** · Dec 11, 2006, 04:46 AM

Re: sudo and security

Due to similar reservations, I decided to (at least partly) revive the root account, as described here (and here).

Birdy aka littleDrHouse

--

Postscript: reference updated

**kubicle** · Dec 11, 2006, 05:10 AM

Re: sudo and security

Originally posted by koelle

I'm thinking of switching to Kubuntu. I've installed it once and discovered that it uses sudo which I didn't like, because you don't need a password to execute root commands in a terminal. Well, I searched the Kubunut Wiki for some time to get some information on security. Still I could not find satisfying information so I decided to post my question here in the forum.

My concern is the following:
If there is a breach of security and somebody penetrates my system. Wouldn't he be able to open a terminal and execute root commands without needing a password?

Hope you understand my concerns and can give me some advice.

There might be something wrong with your installation, as sudo asks for a password before it executes the command...it shouldn't 'run a root command without needing a password'.

However, by default sudo 'remembers' the password for fifteen minutes, so if you've given a sudo password once and perform another sudo operation in fifteen minutes, it doesn't ask for a password. If you're worried about that you can change the timeout to 0 which makes sudo ask for a password every time you use it. (ask for instructions if you need them

)

**askrieger** · Dec 11, 2006, 04:59 PM

Re: sudo and security

In point of fact, many people consider sudo to be MORE SECURE than having a root user. Please take a look at this Ubuntu Community Help Wiki page. The basic argument is that everyone knows that all Unix based systems (like both Linux and OS-X) have an all-powerful user named "root", so all you have to do is guess her password and you're in. Because most people think (erroneously) that strong passwords are hard to remember, guessing a password is often fairly easy.

My own experience, (on an occasion when my HW firewall/router was out of service for about three days) was that among the many (a few thousand) hackers who attacked my seemingly defenseless, directly connected, system, those few who realized that I was running Linux all started their attacks by trying to login as user "root". They went through some fairly sophisticated attempts to find root's password. They also went through logins using common system user names, but (K)Ubuntu isn't very hospitable to those either.

When I first switched from Debian to Kubuntu, I thought sudo was a lot of trouble compared to using a root login. Now, I'd never again use a system with a gaping security hole like a root login.

**Skydancer** · Dec 13, 2006, 01:27 PM

Re: sudo and security

I must agree with you, @askrieger. At first it was a bit confusing (I switched from openSUSE), but eventually you get the hang of it. The good thing is also the time limit (15 min.) so you don't have to type sudo continuously. Another thing I like in sudo is that there is lesser possibility to screw things up if you accidentally forget to logout of root.

Announcement

sudo and security

sudo and security

Comment

Comment

Comment

Comment