IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Linux Forum / Re: Ubuntu question...
Post #204,597
by dws
4/24/05 8:22:47 PM
Reply
New Re: Ubuntu question...
I just ran into this after doing a default install of Hoary Hedgehog. The folks on #ubuntu (irc.freenode.net) gave the following answer at least three times within the few minutes I was there today.
  sudo passwd root\n

(and then using your own password first) fixes the problem of not knowing the root password.
Post #204,670
by pwhysall
Picture of pwhysall
4/25/05 7:26:40 AM
Reply
New I'd recommend not doing this.
And here's why.

If root has a password, and you've not disabled remote root logins, and you haven't disabled any crashy/buggy services that run as root and which could be compromised to get a shell, then an attacker doesn't even have to think about the username and can move swiftly on to the password part of things.

If you have a sensible username, then the attacker has to go through the hoops of finding a username to compromise, hoping it's in /etc/sudoers, and then hoping also that he can crack the password.

There's no such thing as total security, obviously (well, there is, but it involves your computer being in a locked, booby-trapped box at the bottom of the Marianas trench with a sign saying "Beware of the tiger" on the door[0]) but it seems silly to me to not use an obvious security feature like this.

Other benefits of using the sudo approach include not inadvertently still being root when you're rather not be (people like me who "sudo su" deserve everything they get) and also only having the one password to remember so, therefore you can make it much stronger.

It's horses for courses, naturally. Some people really find the sudo method extremely intrusive. Personally, I like it.
[0]With apologies to DNA

Peter
[link|http://www.ubuntulinux.org|Ubuntu Linux]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
Post #204,679
by imric
4/25/05 8:21:34 AM
Reply
New A good point
Hadn't thought about it that way.

It's sounds good enough to me that I may set this up myself on my existing systems - I'll leave my day-to-day user account out of it, though. No, I don't trust my 'fumble fingers', and I detest the 'oh-shit-second'...
[link|http://www.runningworks.com|
]
Imric's Tips for Living
  • Paranoia Is a Survival Trait
  • Pessimists are never disappointed - but sometimes, if they are very lucky, they can be pleasantly surprised...
  • Even though everyone is out to get you, it doesn't matter unless you let them win.


Nothing is as simple as it seems in the beginning,
As hopeless as it seems in the middle,
Or as finished as it seems in the end.
 
 
Post #204,680
by pwhysall
Picture of pwhysall
4/25/05 8:23:41 AM
Reply
New sudo is really powerful
You can restrict the activities of users in many ways.

You could give yourself, say, the ability to change other users' passwords but not to run dpkg, for example.

Read the man page and documentation. The syntax of /etc/sudoers takes some getting used to, so be warned :-)

Peter
[link|http://www.ubuntulinux.org|Ubuntu Linux]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
     Ubuntu question... - (cwbrenn) - (11) - April 24, 2005, 05:26:19 PM EDT
         My guess is that it assumes a primary user. - (a6l6e6x) - (1) - April 24, 2005, 05:54:28 PM EDT
             Yeah, but - (cwbrenn) - April 24, 2005, 06:25:31 PM EDT
         Main reason: Ideaology - (folkert) - (3) - April 24, 2005, 05:59:03 PM EDT
             Security feature? - (cwbrenn) - (2) - April 24, 2005, 06:24:40 PM EDT
                 Here's what it does... - (Yendor) - (1) - April 24, 2005, 06:52:17 PM EDT
                     ohhhhh... thanks for explaining that - (cwbrenn) - April 24, 2005, 06:59:05 PM EDT
         Re: Ubuntu question... - (dws) - (3) - April 24, 2005, 08:22:47 PM EDT
             I'd recommend not doing this. - (pwhysall) - (2) - April 25, 2005, 07:26:40 AM EDT
                 A good point - (imric) - (1) - April 25, 2005, 08:21:34 AM EDT
                     sudo is really powerful - (pwhysall) - April 25, 2005, 08:23:41 AM EDT
         Now that I've figured out that Sudo thing... - (cwbrenn) - April 25, 2005, 10:44:42 AM EDT

Let Us Now Braise Famous Men, those who in their salad days.. imagined that they were of the Caesar variety.
63 ms