Root account or no root account?

This topic is closed.

    #16
    You do have the choice: Once installed, enter a root password.

    With the literally thousands of options that KDE and linux offer, some lines need to be drawn. Having hundreds of options during each install would be untenable.



      #17
      Originally posted by sixonetonoffun
      I'm not a fan of sudo. I like to be able to open a terminal and run as root for updates etc... the timeout of sudo usually requires entering the password more than once per session. I think sudo is mainly designed to protect us from ourselves. I know the length of time or user could be modified but it's something that could be addressed during setup IMHO.
      I like having to sudo because it's simply good practice to use elevation only when needed. The extra sudo step ensures that I'm not running elevated when I don't need to be.

      Conversely, I loathe the password timeout, so I configure my sudoers not to prompt for a password. To do this, run:
      Code:
      sudo visudo
      In the editor, make the changes shown (the added NOPASSWD: tags):
      Code:
      # Members of the admin group may gain root privileges
      %admin ALL=(ALL) NOPASSWD: ALL
      
      # Allow members of group sudo to execute any command
      %sudo   ALL=(ALL:ALL) NOPASSWD: ALL
      I'm not worried about any security implications here because if a bad guy has access to my computer, privilege escalation isn't too high on my list of things to be concerned with.

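Added example, not part of the original post or thread: a shell function for reviewing a sudoers file that lists every rule granting ALL commands under NOPASSWD:, which is the kind of entry the edit in #17 creates. The sample input, the user names in it and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list sudoers rules that grant ALL commands under NOPASSWD:.
# Simplifications: aliases are not expanded and include files are not followed.

# Constructed sample in sudoers syntax (not taken from a real system).
sample_sudoers() {
cat <<'EOF'
# Members of the admin group may gain root privileges
%admin ALL=(ALL) NOPASSWD: ALL
%sudo   ALL=(ALL:ALL) ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
deploy  ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart app, \
        ALL
audit   ALL=(ALL) NOPASSWD: /usr/bin/less, PASSWD: ALL
EOF
}

# Reads sudoers text on stdin, prints "who<TAB>rule" for each blanket grant.
find_blanket_nopasswd() {
    awk '
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }    # join continuation lines
    { line = buf $0; buf = ""; sub(/^[ \t]+/, "", line) }
    line == "" || line ~ /^(#|Defaults|[A-Za-z]+_Alias)/ { next }
    {
        eq = index(line, "=")
        if (eq == 0) next
        split(line, f, /[ \t]+/); who = f[1]
        cmds = substr(line, eq + 1)
        gsub(/\([^)]*\)/, "", cmds)                  # drop the (runas) part
        n = split(cmds, item, ",")
        nopass = 0
        for (i = 1; i <= n; i++) {
            c = item[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            # A tag stays in force for later commands until it is reversed.
            while (match(c, /^[A-Z_]+:[ \t]*/)) {
                tag = substr(c, 1, RLENGTH)
                if (tag ~ /^NOPASSWD/) nopass = 1
                else if (tag ~ /^PASSWD/) nopass = 0
                c = substr(c, RLENGTH + 1)
            }
            if (c == "ALL" && nopass) { print who "\t" line; break }
        }
    }'
}

sample_sudoers | find_blanket_nopasswd
```

On the sample it reports the %admin rule and the deploy rule, whose bare ALL sits on a continuation line; the audit rule is not reported because PASSWD: reverses the tag before ALL.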


        #18
        Originally posted by sixonetonoffun
        Yes james147 but that's already 5 more chars than su <enter>
        Like I said my preference. Then there are issues with scripts launching processes as su that have to be tweaked to respect sudo. Not looking to debate the security merits of sudo. But I would prefer to have a choice at setup. Would a choice not be acceptable?
        Then:
        Code:
        alias su='sudo -i'
        Now it's the same number of chars or
        Code:
        alias s='sudo -i'
        Now it is one less

        Also:
        Code:
        sed -ri "s/su -c ?([\"']?)(.*)\1/sudo \2/" scriptname
        will help to convert your scripts

        But I have not come across a script that uses su instead of sudo on the internet, so it is only scripts you have written that you need to worry about and so it should not be hard to convert them.

        The best scripts should check for sudo and fall back to su if it is not found:

        Code:
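        # Run a command as root: prefer sudo, fall back to su if sudo is missing
        asroot() {
            if command -v sudo > /dev/null 2>&1; then
                 # Quote "$@" so arguments containing spaces stay intact
                 sudo "$@"
            else
                 # su -c takes one command string, so join the arguments
                 su -c "$*"
            fi
        }
        
        asroot command --you --want --to --run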
        That is the better way to write a script as it is portable between the different distributions.

        And you can always re-enable the root account with one simple command if you need to... there is no point in an installer option since if you are going to use su, then you should be comfortable with re-enabling the root account on the command line anyway.

        But I wouldn't remove sudo as there are scripts out there that do use it.
        Last edited by james147; Dec 02, 2012, 08:59 PM.



          #19
          Originally posted by luckyone
          Of course you need to be a target also. But I appreciate the heads up.
          Under what scenario can a computer or a human not be a target? A computer free of data is still useful as a source from which to launch other attacks, if that computer has a network connection. A human who doesn't use a computer under normal circumstances can be an ideal social engineering target. The list is without bounds, really.



            #20
            Great info as always Steve and James. Yes mainly homegrown and yes pretty amateurish. Simple things mainly on desktop where I have more services to manage and haven't spent much time lately. I've become lazy of late. I mainly browse and surf where I used to develop and share. Users no longer want personal web spaces. Fbook is all anyone cares for and if it's outside of there... it couldn't be relevant to them. Ok maybe that's a little harsh; somewhere along the line I just lost interest. E-commerce still interests me but I have nothing for it at the moment... Many of the guys I used to FOSS with are now hooked on Android and iPhone apps which just doesn't interest me enough to get involved with.



              #21
              Originally posted by SteveRiley
              Under what scenario can a computer or a human not be a target? A computer free of data is still useful as a source from which to launch other attacks, if that computer has a network connection. A human who doesn't use a computer under normal circumstances can be an ideal social engineering target. The list is without bounds, really.
              Simply put, there are easier pickens than a private Linux computer protected by a router and firewall. I haven't and won't lose any sleep at all over the possibility....and I sleep a lot lately.
              GigaByte GA-965G-DS3, Core2Duo at 2.1 GHz, 4 GB RAM, ASUS DRW-24B1ST, LiteOn iHAS 324 A, NVIDIA 7300 GS, 500 GB and 80 GB WD HDD
