Firefox and Opera

Comments

  • Anonymous
    Anonymous Posts: 79,666
    Quite right, I know that every Windows box being an administrator machine (until Vista) is worse. I was just pointing out that if you use Sudo for running scripts you've C&P'd off the net, you're leaving yourself wide open for longer than you might think. There's a lot of people I know who hadn't realised that.

    quote: Originally posted by Big Red S

        quote: Originally posted by yeehaamcgee

            SUDO doesn't work on Unix. Unix and most Linux distros are based on the concept of a root user. There is no root user account in Ubuntu, so you have to use the Sudo command.

        Yes there is.
        do
        sudo passwd

        and set a root password. Then su to your heart's content. You can't not have a root account...

        quote:

            Sudo (Super User DO) temporarily raises your privileges to a pseudo root-account for 10 minutes (IIRC). Which means that for 10 (or whatever) minutes after you've used it, if your machine is compromised, you're pretty much screwed, as any administrative function can be carried out.

        It's not designed to be on every box. It's supposed to be used where the administrator feels it's appropriate, and not where he feels it isn't.

        It's a 5-minute timeout by default. But obviously you can change that. And it's only on that shell session on that tty. So it's not a worry about your machine being compromised, it's someone using your terminal. If you leave your terminal logged in where it's likely to get abused, you're not the kind of person who's going to be given sudo powers, are you? The only real hole is if someone finds out a sudoer's password, they become sudoable. So you switch on PAM and be anal about passwords.
        It's far, far more secure than giving everyone that wants it the root password, and easier than having them give you a list of admin tasks they want done. Instead, you decide who is allowed to do what, and let them do it themselves, with whatever degree of logging and authentication you deem appropriate. Check the man pages for sudo and visudo.

        Still, it's hardly less secure than the every-user-an-administrative-user Windows model, is it?

        BSD's Unix, isn't it?

  • Big Red S
    Big Red S Posts: 26,890
    quote: Originally posted by yeehaamcgee

        Quite right, I know that every Windows box being an administrator machine (until Vista) is worse. I was just pointing out that if you use Sudo for running scripts you've C&P'd off the net, you're leaving yourself wide open for longer than you might think. There's a lot of people I know who hadn't realised that.

    That's a flaw in the user, though, not in sudo.
    You used to get instructions which told you to su first, then run this list of commands.
    Now you just get told to run the list of commands prefixed with sudo.
    Anyone who blindly follows instructions off a single site is a fool.

    I'm not sure what you mean by wide open. Do you use sudo?

    You enter a command, say
    sudo vim /etc/fstab
    
    It prompts you for a password, and on it being correct and you being in /etc/sudoers and you having permissions to edit it, fires up a root-powered vim session editing /etc/fstab.
    On exiting, for the next five minutes, if you enter another sudo command
    sudo mount -a
    
    it won't prompt you for your password.
    If, however, you switch to another tty or open another shell session to run the command, it will.
    If you type just
    mount -a
    
    it will throw up an error complaining that you're not root.

    I really don't see how it's any less secure than su. Especially on a single-user box.
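
The controls discussed in this thread (how long sudo caches a successful authentication, whether that cache is per terminal, who may run what, and logging) correspond to sudoers settings like the ones below. This is an added example, not part of any post above; the group name `fsadmins`, the command paths and the log path are assumptions.

```sudoers
# Added example. Edit only with `visudo` (or `visudo -f /etc/sudoers.d/<file>`)
# so a syntax error cannot lock you out of sudo.
# "fsadmins", the command paths and the log path are assumptions for illustration.

# --- Permissive: long cache shared by every terminal the user has open ---
# Defaults timestamp_timeout=15
# Defaults timestamp_type=global
# %fsadmins ALL=(ALL) ALL

# --- Tighter ---
# Prompt for the password on every sudo invocation (no cached credential).
Defaults timestamp_timeout=0
# Keep any cached credential per terminal (sudo >= 1.8.21;
# older releases use "Defaults tty_tickets" instead).
Defaults timestamp_type=tty
# Record each sudo invocation in a dedicated log file.
Defaults logfile="/var/log/sudo.log"
# Run commands in a new pseudo-terminal.
Defaults use_pty

# Allow only the two tasks from the thread. sudoedit runs the editor as the
# invoking user, so the editor's shell escapes do not yield a root shell,
# unlike "sudo vim /etc/fstab".
Cmnd_Alias FS_CMDS = /bin/mount -a, sudoedit /etc/fstab
%fsadmins ALL = (root) FS_CMDS
```

With a non-zero timeout, `sudo -k` discards the cached credential immediately, which is worth running before executing anything copied from elsewhere.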