I'm concerned about security

The login screen
I noticed, from my login screen, that the username is easy to ascertain: just click on the user photo. However, has anyone considered the security ramifications of this setup? In order to brute force your way into a computer you must have two pieces of information: a username and a password. However, if you already know the username, or you can click on a user's account picture on the login screen, then your battle is half won. So, go to the login screen, click on a user photo, and all you need do now is guess the password. And we all know how secure user passwords are these days, right? I mean, no one ever re-uses a password.. right?

After having brought that up, can someone teach me how to have my login screen show only an empty text box for the username and another empty text box for the password instead of showing my user photo and making it easier on criminals? This way anyone who wants to brute-force their way in has to waste time trying to guess everything.

Sudo
Years ago, while working with Red Hat folks, I learned a little trick. In most computer systems there is a group called the wheel group. Administrators were added to the wheel group and sudo was handled with:
Code:
chown root:wheel /usr/bin/sudo
# chown alone leaves sudo world-executable; this mode keeps it setuid root
# but allows execution only by root and members of the wheel group
chmod 4750 /usr/bin/sudo
This way non-admin users can't sit at the computer calling sudo all day and guess the admin password, because they aren't in the wheel group. When attempting to call sudo they are greeted with a "Permission denied" message instead of a sudo prompt. Why isn't sudo in the wheel group?

#2
Perhaps this is what you want: https://store.kde.org/p/1414804

I tried it out and it gives you two text boxes.
Last edited by GreyGeek; Feb 18, 2021, 07:05 PM.
"A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
– John F. Kennedy, February 26, 1962.



#3
Originally posted by GreyGeek:
    Perhaps this is what you want: https://store.kde.org/p/1414804

    I tried it out and it gives you two text boxes.

Well, that definitely works, but why is this not default behavior.. since it's more secure? I mean it's like having a combination lock on your front door and writing half the numbers on the lock for everyone to read. I'm not so much wanting a fix as wanting to know why the developers crippled security to begin with. Was it for convenience? Convenience and security are opposite ends of the same line.. the closer you get to one, the further you go from the other.
Last edited by Guest; Feb 18, 2021, 07:38 PM.



#4
Originally posted by revmacian:
    This way non-admin users can't sit at the computer calling sudo all day and guess the admin password because they aren't in the wheel group. When attempting to call sudo they were greeted with a "Permission denied" message instead of a sudo prompt. Why isn't sudo in the wheel group?

On *buntus, only admin users can use sudo (this is configured in sudoers: only members of the 'sudo' group can use sudo); non-admin users can't use sudo. Besides, in *buntus sudo uses the user's password by default, not a common admin (root) password.

As far as the login screen goes, this is not really a security issue. No one is going to brute force manually with the login screen. If the attacker has physical access to the machine they can own the machine in minutes regardless of what security measures are in place (aside from full disk encryption). Trying out login passwords just isn't worth it.

This is different from remote attempts. If you have something like an ssh server running on the machine, in these cases knowing a username can help you get access to the system (not much, though), as you can automate the attack. But even then, attackers generally go after the "root" account anyway, unless it's a really targeted attack, which is exceptionally rare (especially for regular users). The ssh server doesn't reveal user names (which would indeed be a security issue)... and *buntus have the "root" account locked by default.

That doesn't mean you can't change the default login screen if you prefer it that way. But the security implications of it are minimal at best.
Last edited by kubicle; Feb 18, 2021, 11:42 PM.



#5
Originally posted by kubicle:
    On *buntus, only admin users can use sudo (this is configured in sudoers: only members of the 'sudo' group can use sudo); non-admin users can't use sudo.

    As far as the login screen goes, this is not really a security issue. No one is going to brute force manually with the login screen. If the attacker has physical access to the machine they can own the machine in minutes regardless of what security measures are in place (aside from full disk encryption). Trying out login passwords just isn't worth it.

    This is different from remote attempts. If you have something like an ssh server running on the machine, in these cases knowing a username can help you get access to the system (not much, though), as you can automate the attack. But even then, attackers generally go after the "root" account anyway, unless it's a really targeted attack, which is exceptionally rare (especially for regular users). The ssh server doesn't reveal user names (which would indeed be a security issue)... and *buntus have the "root" account locked by default.

    That doesn't mean you can't change the default login screen if you prefer it that way. But the security implications of it are minimal at best.

Well, it seems I need to update my knowledge. I've been using Linux for so long without keeping my skills up-to-date. Times change.. I suppose I should keep with the times. Thank you for the education.



#6
I think, and Kubicle can correct me if I'm wrong, this is one of the reasons *buntus don't enable the root account by default. Since the admin user is the only one who can "sudo" and no one can "su", it's one less attack vector. I tend to "free" up specific commands with sudoers rather than add users to admin or wheel groups. Seems safer.

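To make kubicle's point in #4 (on *buntus, sudo access comes from membership in the 'sudo' group) and oshunluvr's in #6 (grant specific commands in sudoers instead of group membership) concrete, here is a small evaluator of sudoers-style rules. It is an added example, not code from this thread or from the sudo project: it handles only plain user/%group rules with a runas list and a command list (no aliases, tags such as NOPASSWD, wildcards or "!" negation), and the rule sets, user names and commands in it are constructed.

```python
import re
from dataclasses import dataclass

# Simplified sudoers line: "who host=(runas_user[:runas_group]) cmd1, cmd2".
# Aliases, tags such as NOPASSWD, wildcards and "!" negation are not handled.
RULE_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\))?\s*(?P<cmds>.+)$")

@dataclass
class Rule:
    who: str         # user name, or "%group"
    host: str
    runas: str       # runas user list: "ALL" or names such as "root"
    cmds: list[str]  # "ALL" or explicit command lines

def parse_sudoers(text: str) -> list[Rule]:
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line or line.startswith("Defaults"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unsupported sudoers line: {line!r}")
        cmds = [c.strip() for c in m.group("cmds").split(",")]
        # sudo assumes runas root when no "(...)" part is given
        rules.append(Rule(m.group("who"), m.group("host"), m.group("runas") or "root", cmds))
    return rules

def can_run(rules: list[Rule], user: str, groups: list[str], command: str, runas: str = "root") -> bool:
    """True if some rule lets `user` (member of `groups`) run `command` as `runas`."""
    for r in rules:
        who_ok = r.who == user or (r.who.startswith("%") and r.who[1:] in groups)
        runas_users = [u.strip() for u in r.runas.split(":", 1)[0].split(",")]
        runas_ok = "ALL" in runas_users or runas in runas_users
        cmd_ok = "ALL" in r.cmds or command in r.cmds
        if who_ok and runas_ok and cmd_ok:
            return True
    return False

# Constructed rule sets: the *buntu-style group grant, and a per-command grant
GROUP_GRANT = """
Defaults env_reset
%sudo   ALL=(ALL:ALL) ALL   # anyone in the 'sudo' group may run anything as anyone
"""
PER_COMMAND = """
backup  ALL=(root) /usr/bin/rsync, /bin/systemctl restart cron
"""
```

With GROUP_GRANT, a user in the 'sudo' group can run any command as root while everyone else gets nothing; with PER_COMMAND, the constructed 'backup' user can run only the two listed commands, and only as root.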



#7
Originally posted by oshunluvr:
    I think, and Kubicle can correct me if I'm wrong, this is one of the reasons *buntus don't enable the root account by default. Since the admin user is the only one who can "sudo" and no one can "su", it's one less attack vector. I tend to "free" up specific commands with sudoers rather than add users to admin or wheel groups. Seems safer.

I believe you're right about the root account being locked - one less attack vector. And, using a group to contain access (sudoers) is exactly why we used the wheel group years ago, so it's basically the same result.



#8
Originally posted by revmacian:
    Well, that definitely works, but why is this not default behavior.. since it's more secure? ....

I think oshunluvr explained it well.

Originally posted by revmacian:
    Well, it seems I need to update my knowledge. I've been using Linux for so long without keeping my skills up-to-date. Times change.. I suppose I should keep with the times. Thank you for the education.

Join my club. I've been using Linux since RH5 in May of 1998 and I've stopped "updating my skills" because things change too fast to attempt to stay up to date with the latest and greatest. Being 79 doesn't help, either.
I've adopted a "learn just what I need to know to get by" approach. That's one reason why I've stayed with Kubuntu since Feb of 2009. KDE/Plasma is an environment where changes aren't accelerating the way they had been in the past. I've stopped getting fancy. My setup has been to use the default install since 2009, and 6 years ago I switched to BTRFS to make backups and archiving as easy as falling off a log, or more precisely, running a script that I wrote to automate the process. 99% of what I use Kubuntu for is in the apps I use, centered mostly around Anaconda, Steam and Minecraft (but Minecraft may fade because my youngest grandson has found girls!)



#9
Originally posted by GreyGeek:
    I think oshunluvr explained it well.

    Join my club. I've been using Linux since RH5 in May of 1998 and I've stopped "updating my skills" because things change too fast to attempt to stay up to date with the latest and greatest. Being 79 doesn't help, either.
    I've adopted a "learn just what I need to know to get by" approach. That's one reason why I've stayed with Kubuntu since Feb of 2009. KDE/Plasma is an environment where changes aren't accelerating the way they had been in the past. I've stopped getting fancy. My setup has been to use the default install since 2009, and 6 years ago I switched to BTRFS to make backups and archiving as easy as falling off a log, or more precisely, running a script that I wrote to automate the process. 99% of what I use Kubuntu for is in the apps I use, centered mostly around Anaconda, Steam and Minecraft (but Minecraft may fade because my youngest grandson has found girls!)

Yep, I'm definitely in your club! I'm 60 and have been using Linux as my sole operating environment since 1999 - got tired of Windows 98SE one day, found a book about Debian, installed it and never looked back. I've been using GNOME and Cinnamon since then, but I'm seriously leaning toward keeping KDE Plasma; it's quite nice. I write my own bash scripts and I make my own apps with Python and Glade, though I need to switch over to PyQt5 now - Qt Designer is much nicer than Glade.
