Old 01-01-2012, 03:45 PM
Smoot Carl-Mitchell
 
Default root user

On Sun, 2012-01-01 at 11:05 -0500, AV3 wrote:
> On Jan/1/2012 6:5435 AM, Earthson wrote:
> > root is disabled, and it does not have a passwd. if you really want to
> > use "root", just set a passwd for it.
> >
> > command:
> >
>
>
> You can do this, but it is not a good idea. The major security advantage
> of Unix OS's over Windows is afforded by their disabled root accounts
> inaccessible to outside intruders. Keep it that way, unless you have a
> truly compelling reason to risk your root account's security for.

Very few attacks on Unix/Linux systems try and guess the root password.
Most attacks take advantage of known flaws in processes running with
root privileges. With a strong password it is nearly impossible to guess
the root password. So from a security standpoint having a password on
the root account is not opening up a lot of risk. Since using "su -" on
a host with a root password or "sudo -i" on a host with a locked root
account are functionally equivalent, why have a password on root which
you need to remember?

On the other hand logging in as root (or sudo -i to root) and doing all
your work as root is risky, since every program you run is at an
elevated privilege. If you download a program or execute an email
attachment as root, then all security bets are off. This BTW was the
major attack vector for viruses and worms into Windows systems before
they introduced a degree of privilege separation. sudo is a nice tool
which makes you aware of the programs you want to run with root
privileges. In my view it keeps you from doing really dumb things.

--
Smoot Carl-Mitchell
System/Network Architect
voice: +1 480 922-7313
cell: +1 602 421-9005
smoot@tic.com


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-01-2012, 03:47 PM
Johnny Rosenberg
 
Default root user

2012/1/1 Chris Green <cl@isbd.net>:
> On Sun, Jan 01, 2012 at 11:05:49AM -0500, AV3 wrote:
>> On Jan/1/2012 6:5435 AM, Earthson wrote:
>> >root is disabled, and it does not have a passwd. if you really want to
>> >use "root", just set a passwd for it.
>> >
>> >command:
>> >
>>
>>
>> You can do this, but it is not a good idea. The major security
>> advantage of Unix OS's over Windows is afforded by their disabled
>> root accounts inaccessible to outside intruders. Keep it that way,
>> unless you have a truly compelling reason to risk your root
>> account's security for.
>>
> I have never quite followed this security reason for not enabling root.
>
> If someone guesses/finds the "sudo to root" user's password then they
> can get to do nasty root things just as easily as if the root account
> was enabled and they guess the root password.

I guess that a part of the security enhancement in sudo is that you
don't have to remember to log out from root privileges.

>
> To my mind the only major advantage of using sudo rather than having a
> root password is simply that it leaves an audit trail of who did what.
>
> A root password actually adds a little security if remote root login is
> not allowed, you have to know two passwords, one for a user login and
> one for a root login, to get root access.

I never fiddled much with other distributions than Ubuntu (although I
have tried a few out in other aspects), but if you have a root
password, isn't it possible to login to the root directly from the
login screen? In that case you still only need to know one password.
But maybe that isn't possible.

>
> However, having said all that, for *simplicity* then a user with sudo
> access does make support etc. much easier and on single user home Linux
> systems that is a major advantage.
>
> --
> Chris Green

Personally I use sudo because I have never used anything else, so I
don't find it particularly complicated. The password lasts for maybe
15 minutes or so, so at least you don't have to enter your password
for every command. If I forget the sudo, and try to run a command as
user, I can always re-run it by typing ”sudo !!”, which means ”sudo
<last command>”.


Kind regards

Johnny Rosenberg
ジョニー・ローゼンバーグ

 
Old 01-01-2012, 03:49 PM
Liam Proven
 
Default root user

On 1 January 2012 16:38, Chris Green <cl@isbd.net> wrote:
> On Sun, Jan 01, 2012 at 11:05:49AM -0500, AV3 wrote:
>> On Jan/1/2012 6:5435 AM, Earthson wrote:
>> >root is disabled, and it does not have a passwd. if you really want to
>> >use "root", just set a passwd for it.
>> >
>> >command:
>> >
>>
>>
>> You can do this, but it is not a good idea. The major security
>> advantage of Unix OS's over Windows is afforded by their disabled
>> root accounts inaccessible to outside intruders. Keep it that way,
>> unless you have a truly compelling reason to risk your root
>> account's security for.
>>
> I have never quite followed this security reason for not enabling root.
>
> If someone guesses/finds the "sudo to root" user's password then they
> can get to do nasty root things just as easily as if the root account
> was enabled and they guess the root password.
>
> To my mind the only major advantage of using sudo rather than having a
> root password is simply that it leaves an audit trail of who did what.
>
> A root password actually adds a little security if remote root login is
> not allowed, you have to know two passwords, one for a user login and
> one for a root login, to get root access.
>
> However, having said all that, for *simplicity* then a user with sudo
> access does make support etc. much easier and on single user home Linux
> systems that is a major advantage.

It's not that it's harder to crack a user password than the root
password, and it's not that not having a root password keeps you safe
- it doesn't; once you know "sudo -s" (and its many variants), you can
do just as much damage.

It is, rather, for 2 reasons.

[1] Locally, if 'root' is disabled, then you can't log in as root.
Simple but clear. It removes the temptation to log in as that
dangerous account, because you can't. This is far more protection than
turning the desktop red and putting a picture of a bomb on it, as SUSE
Linux used to do. You can't do it at all, any how.

[2] Remotely, it offers protection from cracking attempts. Everyone
who knows Unix knows that the system administrator on Unix is called
"root", and if you have root access, you own the box. So that is the
account everyone attacks. Well, if root is there but disabled, they
can attack it as much as they like - they won't get in. There's
nothing to get into. But without access to the system, they can't see
what other, ordinary, unprivileged usernames /are/ there, so they
can't launch dictionary attacks against them.

--
Liam Proven • Profile: http://lproven.livejournal.com/profile
Email: lproven@cix.co.uk • GMail/G+/Twitter/Flickr/Facebook: lproven
MSN: lproven@hotmail.com • Skype/AIM/Yahoo/LinkedIn: liamproven
Tel: +44 20-8685-0498 • Cell: +44 7939-087884

 
Old 01-01-2012, 04:12 PM
Chris Green
 
Default root user

On Sun, Jan 01, 2012 at 04:49:08PM +0000, Liam Proven wrote:
> On 1 January 2012 16:38, Chris Green <cl@isbd.net> wrote:
> > I have never quite followed this security reason for not enabling root.
> >
> > If someone guesses/finds the "sudo to root" user's password then they
> > can get to do nasty root things just as easily as if the root account
> > was enabled and they guess the root password.
> >
> > To my mind the only major advantage of using sudo rather than having a
> > root password is simply that it leaves an audit trail of who did what.
> >
> > A root password actually adds a little security if remote root login is
> > not allowed, you have to know two passwords, one for a user login and
> > one for a root login, to get root access.
> >
> > However, having said all that, for *simplicity* then a user with sudo
> > access does make support etc. much easier and on single user home Linux
> > systems that is a major advantage.
>
> It's not that it's harder to crack a user password than the root
> password, and it's not that not having a root password keeps you safe
> - it doesn't; once you know "sudo -s" (and its many variants), you can
> do just as much damage.
>
> It is, rather, for 2 reasons.
>
> [1] Locally, if 'root' is disabled, then you can't log in as root.
> Simple but clear. It removes the temptation to log in as that
> dangerous account, because you can't. This is far more protection than
> turning the desktop red and putting a picture of a bomb on it, as SUSE
> Linux used to do. You can't do it at all, any how.
>
That's rather akin to my 'simplicity' point above. However it really
makes no difference except that most instructions for doing root things
on ubuntu say:-
   sudo <do this>
   sudo <do that>
   sudo <do the other>
and, as you say, afterwards you're not root and don't have to remember
to log out. In practice surely anyone doing more than two commands as
root quickly gets fed up with typing sudo over and over again and just
does:-
   sudo -i
   <do this>
   <do that>
   <do the other>
   CTRL/D

> [2] Remotely, it offers protection from cracking attempts. Everyone
> who knows Unix knows that the system administrator on Unix is called
> "root", and if you have root access, you own the box. So that is the
> account everyone attacks. Well, if root is there but disabled, they
> can attack it as much as they like - they won't get in. There's
> nothing to get into.

But in the real world the systems we are talking about are 99% home
systems and won't have an ssh daemon running to allow remote access, and
if they have it should most certainly have ssh root access disabled.
Thus an intruder *does* need to know two passwords.

> But without access to the system, they can't see
> what other, ordinary, unprivileged usernames /are/ there, so they
> can't launch dictionary attacks against them.
>
As I understand it dictionary attacks are only possible where the
encrypted passwords are visible and that is no longer true on most
systems.

Much of what you are saying is really only applicable to multi-user
systems where there are many users with 'local' (as in local LAN) access
to the system. Running something like a dictionary attack across an
internet connection would be well nigh pointless, the timeouts on failed
logins are such that it would take longer than any system is going to
last for.

--
Chris Green
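
The two conditions argued over in the posts above (whether root's password is locked, and whether sshd refuses root logins) can be read off a host directly. The script below is an added example, not part of any message in this thread; the function names, verdict labels and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: which password routes to the root account exist?

root_pw_state() {
    # $1 = the root line from /etc/shadow; field 2 holds the password hash
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '')         echo empty ;;     # no password needed at all
        '!'*|'*'*)  echo locked ;;    # no password can match this field
        *)          echo password ;;  # a usable hash is set
    esac
}

sshd_root_login() {
    # $1 = sshd_config text. Prints the first global PermitRootLogin value.
    # Match blocks can override it per source and are not evaluated here.
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }'
}

root_login_verdict() {
    # $1 = shadow line, $2 = sshd_config text
    state=$(root_pw_state "$1")
    ssh=$(sshd_root_login "$2")
    case "$state:$ssh" in
        locked:*)       echo no-password-login ;;   # only sudo/keys reach root
        empty:*)        echo empty-password ;;
        password:yes)   echo ssh-password-login ;;  # root password exposed to sshd
        password:unset) echo check-sshd-default ;;  # depends on the OpenSSH build
        password:*)     echo local-only ;;          # console login or su only
    esac
}

# Constructed sample data (the hash is a placeholder, not a real one).
LOCKED_ROOT='root:!:15340:0:99999:7:::'
ROOT_WITH_PW='root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:15340:0:99999:7:::'
SSHD_SAMPLE='# constructed sshd_config
Port 22
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin yes'

root_login_verdict "$LOCKED_ROOT" "$SSHD_SAMPLE"
root_login_verdict "$ROOT_WITH_PW" "$SSHD_SAMPLE"
```

A locked password field only rules out password authentication for root; sudo and SSH keys are separate paths and need their own review.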

 
Old 01-01-2012, 04:57 PM
Liam Proven
 
Default root user

On 1 January 2012 17:12, Chris Green <cl@isbd.net> wrote:
> On Sun, Jan 01, 2012 at 04:49:08PM +0000, Liam Proven wrote:
>> On 1 January 2012 16:38, Chris Green <cl@isbd.net> wrote:
>> > I have never quite followed this security reason for not enabling root.
>> >
>> > If someone guesses/finds the "sudo to root" user's password then they
>> > can get to do nasty root things just as easily as if the root account
>> > was enabled and they guess the root password.
>> >
>> > To my mind the only major advantage of using sudo rather than having a
>> > root password is simply that it leaves an audit trail of who did what.
>> >
>> > A root password actually adds a little security if remote root login is
>> > not allowed, you have to know two passwords, one for a user login and
>> > one for a root login, to get root access.
>> >
>> > However, having said all that, for *simplicity* then a user with sudo
>> > access does make support etc. much easier and on single user home Linux
>> > systems that is a major advantage.
>>
>> It's not that it's harder to crack a user password than the root
>> password, and it's not that not having a root password keeps you safe
>> - it doesn't; once you know "sudo -s" (and its many variants), you can
>> do just as much damage.
>>
>> It is, rather, for 2 reasons.
>>
>> [1] Locally, if 'root' is disabled, then you can't log in as root.
>> Simple but clear. It removes the temptation to log in as that
>> dangerous account, because you can't. This is far more protection than
>> turning the desktop red and putting a picture of a bomb on it, as SUSE
>> Linux used to do. You can't do it at all, any how.
>>
> That's rather akin to my 'simplicity' point above. However it really
> makes no difference except that most instructions for doing root things
> on ubuntu say:-
>    sudo <do this>
>    sudo <do that>
>    sudo <do the other>
> and, as you say, afterwards you're not root and don't have to remember
> to log out. In practice surely anyone doing more than two commands as
> root quickly gets fed up with typing sudo over and over again and just
> does:-
>    sudo -i
>    <do this>
>    <do that>
>    <do the other>
>    CTRL/D

I tend to use -s not -i, but yes, the point stands.

Doesn't matter - it's better than nothing.

>> [2] Remotely, it offers protection from cracking attempts. Everyone
>> who knows Unix knows that the system administrator on Unix is called
>> "root", and if you have root access, you own the box. So that is the
>> account everyone attacks. Well, if root is there but disabled, they
>> can attack it as much as they like - they won't get in. There's
>> nothing to get into.
>
> But in the real world the systems we are talking about are 99% home
> systems and won't have an ssh daemon running to allow remote access, and
> if they have it should most certainly have ssh root access disabled.
> Thus an intruder *does* need to know two passwords.

Why 2?

>> But without access to the system, they can't see
>> what other, ordinary, unprivileged usernames /are/ there, so they
>> can't launch dictionary attacks against them.
>>
> As I understand it dictionary attacks are only possible where the
> encrypted passwords are visible and that is no longer true on most
> systems.

No, not at all.

Anything which accepts a password in any form can have iterative
dictionary attacks launched against it.


> Much of what you are saying is really only applicable to multi-user
> systems where there are many users with 'local' (as in local LAN) access
> to the system. Running something like a dictionary attack across an
> internet connection would be well nigh pointless, the timeouts on failed
> logins are such that it would take longer than any system is going to
> last for.

Not really. Any machine on the Internet is potentially vulnerable, as
well as an intranet.

--
Liam Proven • Profile: http://lproven.livejournal.com/profile
Email: lproven@cix.co.uk • GMail/G+/Twitter/Flickr/Facebook: lproven
MSN: lproven@hotmail.com • Skype/AIM/Yahoo/LinkedIn: liamproven
Tel: +44 20-8685-0498 • Cell: +44 7939-087884

 
Old 01-01-2012, 05:33 PM
doug
 
Default root user

On 01/01/2012 11:45 AM, Smoot Carl-Mitchell wrote:
> On Sun, 2012-01-01 at 11:05 -0500, AV3 wrote:
>> On Jan/1/2012 6:5435 AM, Earthson wrote:
>>> root is disabled, and it does not have a passwd. if you really want to
>>> use "root", just set a passwd for it.
>>>
>>> command:
>>>
>>
>> You can do this, but it is not a good idea. The major security advantage
>> of Unix OS's over Windows is afforded by their disabled root accounts
>> inaccessible to outside intruders. Keep it that way, unless you have a
>> truly compelling reason to risk your root account's security for.
>
> Very few attacks on Unix/Linux systems try and guess the root password.
> Most attacks take advantage of known flaws in processes running with
> root privileges. With a strong password it is nearly impossible to guess
> the root password. So from a security standpoint having a password on
> the root account is not opening up a lot of risk. Since using "su -" on
> a host with a root password or "sudo -i" on a host with a locked root
> account are functionally equivalent, why have a password on root which
> you need to remember?
>
> On the other hand logging in as root (or sudo -i to root) and doing all
> your work as root is risky, since every program you run is at an
> elevated privilege. If you download a program or execute an email
> attachment as root, then all security bets are off. This BTW was the
> major attack vector for viruses and worms into Windows systems before
> they introduced a degree of privilege separation. sudo is a nice tool
> which makes you aware of the programs you want to run with root
> privileges. In my view it keeps you from doing really dumb things.


I'm trying to learn something here: as I understand it, sudo
gives you root privileges, so what's the difference between
su (password) and sudo (password) except that sudo
privileges disappear after 5 minutes, and su leaves you
in root forever unless you type exit. What am I missing?
(I am mostly using a distro other than Ubuntu, which does
not let me have sudo anymore 8-( . I would really like to
have it back!)

--doug

 
Old 01-01-2012, 05:47 PM
Johnny Rosenberg
 
Default root user

2012/1/1 doug <dmcgarrett@optonline.net>:
> On 01/01/2012 11:45 AM, Smoot Carl-Mitchell wrote:
>>
>> On Sun, 2012-01-01 at 11:05 -0500, AV3 wrote:
>>>
>>> On Jan/1/2012 6:5435 AM, Earthson wrote:
>>>>
>>>> root is disabled, and it does not have a passwd. if you really want to
>>>> use "root", just set a passwd for it.
>>>>
>>>> command:
>>>>
>>>
>>> You can do this, but it is not a good idea. The major security advantage
>>> of Unix OS's over Windows is afforded by their disabled root accounts
>>> inaccessible to outside intruders. Keep it that way, unless you have a
>>> truly compelling reason to risk your root account's security for.
>>
>> Very few attacks on Unix/Linux systems try and guess the root password.
>> Most attacks take advantage of known flaws in processes running with
>> root privileges. With a strong password it is nearly impossible to guess
>> the root password. So from a security standpoint having a password on
>> the root account is not opening up a lot of risk. Since using "su -" on
>> a host with a root password or "sudo -i" on a host with a locked root
>> account are functionally equivalent, why have a password on root which
>> you need to remember?
>>
>> On the other hand logging in as root (or sudo -i to root) and doing all
>> your work as root is risky, since every program you run is at an
>> elevated privilege. If you download a program or execute an email
>> attachment as root, then all security bets are off. This BTW was the
>> major attack vector for viruses and worms into Windows systems before
>> they introduced a degree of privilege separation. sudo is a nice tool
>> which makes you aware of the programs you want to run with root
>> privileges. In my view it keeps you from doing really dumb things.
>>
> I'm trying to learn something here: as I understand it, sudo
> gives you root privileges, so what's the difference between
> su (password) and sudo (password) except that sudo
> privileges disappear after 5 minutes, and su leaves you
> in root forever unless you type exit. What am I missing?
> (I am mostly using a distro other than Ubuntu, which does
> not let me have sudo anymore 8-( . I would really like to
> have it back!)
>
> --doug

I guess the su-people mean that it's a little bit annoying having to
type ”sudo” in front of every command instead of typing ”su” only
once. To me it became a habit, so it doesn't bother me much.


Kind regards

Johnny Rosenberg
ジョニー・ローゼンバーグ

 
Old 01-01-2012, 05:55 PM
doug
 
Default root user

On 01/01/2012 01:47 PM, Johnny Rosenberg wrote:
> 2012/1/1 doug<dmcgarrett@optonline.net>:

/snip/

>> I'm trying to learn something here: as I understand it, sudo
>> gives you root privileges, so what's the difference between
>> su (password) and sudo (password) except that sudo
>> privileges disappear after 5 minutes, and su leaves you
>> in root forever unless you type exit. What am I missing?
>> (I am mostly using a distro other than Ubuntu, which does
>> not let me have sudo anymore 8-( . I would really like to
>> have it back!)
>>
>> --doug
>
> I guess the su-people mean that it's a little bit annoying having to
> type ”sudo” in front of every command instead of typing ”su” only
> once. To me it became a habit, so it doesn't bother me much.
>
>
> Kind regards
>
> Johnny Rosenberg
> ジョニー・ローゼンバーグ


sudo is supposed to remain in effect for 5 minutes, altho I
understand that the timeout can be changed. So, if
it remains in effect, you don't have to keep typing sudo
for every command, if they're consecutive. I used to
have sudo in pclos, but the more recent releases have
made it impossible. I found it was very useful, and I
never corrupted my system using it. (I have corrupted
my system trying to get it back!)

--doug



 
Old 01-01-2012, 07:38 PM
Johnny Rosenberg
 
Default root user

2012/1/1 doug <dmcgarrett@optonline.net>:
> On 01/01/2012 01:47 PM, Johnny Rosenberg wrote:
>>
>> 2012/1/1 doug<dmcgarrett@optonline.net>:
>>>
>>>
> /snip/
>
>>> I'm trying to learn something here: as I understand it, sudo
>>> gives you root privileges, so what's the difference between
>>> su (password) and sudo (password) except that sudo
>>> privileges disappear after 5 minutes, and su leaves you
>>> in root forever unless you type exit. What am I missing?
>>> (I am mostly using a distro other than Ubuntu, which does
>>> not let me have sudo anymore 8-( . I would really like to
>>> have it back!)
>>>
>>> --doug
>>
>> I guess the su-people mean that it's a little bit annoying having to
>> type ”sudo” in front of every command instead of typing ”su” only
>> once. To me it became a habit, so it doesn't bother me much.
>>
>>
>> Kind regards
>>
>> Johnny Rosenberg
>> ジョニー・ローゼンバーグ
>>
> sudo is supposed to remain in effect for 5 minutes, altho I
> understand that the timeout can be changed. So, if
> it remains in effect, you don't have to keep typing sudo
> for every command, if they're consecutive.

The password is ”in effect” for some time (I thought it was 15 minutes,
but that doesn't matter much), but you still have to type ”sudo” for
every command, it's just that you are only asked for the password the
first time.

Example (UTF-8 is required to read this properly):
$ sudo command↵
Password: ··············↵
Command executed, OK.
$ sudo another_command↵
Command executed, OK.
$ command↵
You need to be root to run this command.
$ sudo !!↵
sudo command
Command executed, OK.

20 minutes later…
$ sudo command↵
Password: ··············↵
Command executed, OK.
$ sudo command↵
Command executed, OK.

…and so on… (↵ means the Enter key and those dots, ”·”, symbolise your
entered password).



Kind regards

Johnny Rosenberg
ジョニー・ローゼンバーグ

> I used to
> have sudo in pclos, but the more recent releases have
> made it impossible. I found it was very useful, and I
> never corrupted my system using it. (I have corrupted
> my system trying to get it back!)
>
>
> --doug

 
Old 01-01-2012, 07:49 PM
Smoot Carl-Mitchell
 
Default root user

On Sun, 2012-01-01 at 21:38 +0100, Johnny Rosenberg wrote:
> 2012/1/1 doug <dmcgarrett@optonline.net>:

> The password is ”in effect” for some time (I thought it was 15 minutes,
> but that doesn't matter much), but you still have to type ”sudo” for
> every command, it's just that you are only asked for the password the
> first time.

The timeout is settable as an option in the sudoers file. See the
sudoers manual page. Something like:

Defaults timestamp_timeout=30

sets the timeout to 30 minutes.

You can even turn off the password check, but that is not recommended.

--
Smoot Carl-Mitchell
System/Network Architect
voice: +1 480 922-7313
cell: +1 602 421-9005
smoot@tic.com
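
One way to check a sudoers file for the two settings this message mentions, the timestamp timeout and a switched-off password check, shown as an added example that is not part of the original post. The function name, the 15-minute threshold and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag sudoers settings that weaken the password check.
# Reads sudoers text from $1 and does not follow #include / #includedir,
# so files under /etc/sudoers.d have to be passed in separately.

audit_sudoers() {
    # $1 = sudoers text
    # $2 = longest acceptable timeout in minutes (15 is an assumed threshold)
    printf '%s\n' "$1" | awk -v max="${2:-15}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments, includes, blanks
        /^[ \t]*Defaults/ {
            # A Defaults line may carry several comma-separated options.
            if (match($0, /timestamp_timeout[ \t]*=[ \t]*-?[0-9.]+/)) {
                v = substr($0, RSTART, RLENGTH)
                sub(/^[^=]*=[ \t]*/, "", v)
                v = v + 0                       # force numeric comparison
                seen = 1
                if (v < 0)            verdict = "never-expires"
                else if (v > max + 0) verdict = "long"
                else                  verdict = "ok"   # 0 = prompt every time
                print "timeout", verdict, $1, v
            }
            # "!authenticate" removes the password prompt for that scope.
            if ($0 ~ /!authenticate/) print "password-check-off", $0
            next
        }
        # NOPASSWD: on a rule skips the password for the listed commands.
        /NOPASSWD[ \t]*:/ { print "password-check-off", $0 }
        END { if (!seen) print "timeout built-in-default" }'
}

# Constructed sample (user and command names are hypothetical).
SAMPLE_SUDOERS='Defaults        env_reset
Defaults        timestamp_timeout=30
Defaults:backup timestamp_timeout=-1
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
deploy  ALL=(ALL) NOPASSWD: /usr/sbin/service app restart'

audit_sudoers "$SAMPLE_SUDOERS" 15
```

When the output is `timeout built-in-default`, the value compiled into the installed sudo applies; running `sudo -V` as root lists it.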


 
