FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

 
 
LinkBack Thread Tools
 
Old 01-01-2012, 07:53 PM
doug
 
Default root user

On 01/01/2012 03:38 PM, Johnny Rosenberg wrote:

2012/1/1 doug<dmcgarrett@optonline.net>:
The password is ”in effect” for some time (I though it was 15 minutes,
but that doesn't matter much), but you still have to type ”sudo” for
every command, it's just that you are only asked for the password the
first time. Example (UTF-8 is required to read this properly): $ sudo
command↵ Password: ··············↵ Command executed, OK. $ sudo
another_command↵ Command executed, OK. $ command↵ You need to be root
to run this command. $ sudo !!↵ sudo command Command executed, OK. 20
minutes later… $ sudo command↵ Password: ··············↵ Command
executed, OK. $ sudo command↵ Command executed, OK. …and so on… (↵
means the Enter key and those dots, ”·”, symbolise your entered
password). Kind regards Johnny Rosenberg ジョニー・*ーゼンバーグ

I used to
have sudo in pclos, bu the more recent releases have
made it impossible. I found it was very useful, and I
never corrupted my system using it. (I have corrupted
my system trying to get it back!)


--doug

Thank you. It's been awhile since I had sudo working, so I forgot.
OT: how did you make the carriage return sign?

--doug


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-01-2012, 09:03 PM
AV3
 
Default root user

On Jan/1/2012 11:3227 AM, Liam Proven wrote:

On 1 January 2012 16:05, AV3<arvimide@earthlink.net> wrote:

On Jan/1/2012 6:5435 AM, Earthson wrote:


root is disabled, and it does not have a passwd. if you really want to
use "root", just set a passwd for it.

command:


You can do this, but it is not a good idea. The major security advantage of
Unix OS's over Windows is afforded by their disabled root accounts
inaccessible to outside intruders. Keep it that way, unless you have a truly
compelling reason to risk your root account's security for.


Whereas the principle is correct, this is *not* a general Unix thing,
by any means. It was first introduced (that I am aware of) with Mac OS
X and Ubuntu copied it in 2004 when it first appeared, but few other
Linuxes do it, let alone Unixes.

It's an Ubuntu peculiarity.

However, the advice is sound: get used to not using root. ...




My mistake, deriving from the fact that I only use Mac OS and
Ubuntu-on-a-Mac. I over-generalized from my limited experience. I
thought that Unix was inherently more secure than Windows OS, whatever
the reason. Am I wrong about that? Why so, if not disabled root accounts?



--
++====+=====+=====+=====+=====+====+====+=====+=== ==+=====+=====+====++
||Arnold VICTOR, New York City, i. e., <arvimideQ@Wearthlink.net> ||
||Arnoldo VIKTORO, Nov-jorkurbo, t. e., <arvimideQ@Wearthlink.net> ||
||Remove capital letters from e-mail address for correct address/ ||
|| Forigu majusklajn literojn el e-poŝta adreso por ĝusta adreso ||
++====+=====+=====+=====+=====+====+====+=====+=== ==+=====+=====+====++


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-01-2012, 11:20 PM
Liam Proven
 
Default root user

On 1 January 2012 22:03, AV3 <arvimide@earthlink.net> wrote:
>
> My mistake, deriving from the fact that I only use Mac OS and
> Ubuntu-on-a-Mac. I over-generalized from my limited experience. I thought
> that Unix was inherently more secure than Windows OS, whatever the reason.

It is.

> Am I wrong about that?

No.

> Why so, if not disabled root accounts?

*Because* of things like disabled root accounts, and having ordinary
accounts that cannot do things like install software without sudo-ing
to root!

--
Liam Proven • Profile: http://lproven.livejournal.com/profile
Email: lproven@cix.co.uk • GMail/G+/Twitter/Flickr/Facebook: lproven
MSN: lproven@hotmail.com • Skype/AIM/Yahoo/LinkedIn: liamproven
Tel: +44 20-8685-0498 • Cell: +44 7939-087884

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-01-2012, 11:28 PM
Liam Proven
 
Default root user

On 1 January 2012 18:33, doug <dmcgarrett@optonline.net> wrote:
> On 01/01/2012 11:45 AM, Smoot Carl-Mitchell wrote:
>>
>> On Sun, 2012-01-01 at 11:05 -0500, AV3 wrote:
>>>
>>> On Jan/1/2012 6:5435 AM, Earthson wrote:
>>>>
>>>> root is disabled, and it does not have a passwd. if you really want to
>>>> use "root", just set a passwd for it.
>>>>
>>>> command:
>>>>
>>>
>>> You can do this, but it is not a good idea. The major security advantage
>>> of Unix OS's over Windows is afforded by their disabled root accounts
>>> inaccessible to outside intruders. Keep it that way, unless you have a
>>> truly compelling reason to risk your root account's security for.
>>
>> Very few attacks on Unix/Linux systems try and guess the root password.
>> Most attacks take advantage of known flaws in processes running with
>> root privileges. With a strong password it is nearly impossible to guess
>> the root password. So from a security standpoint having a password on
>> the root account is not opening up a lot of risk. *Since using "su -" on
>> a host with a root password or "sudo -i" on a host with a locked root
>> account are functionally equivalent, why have a password on root which
>> you need to remember?
>>
>> On the other hand logging in as root (or sudo -i to root) and doing all
>> your work as root is risky, since every program you run is at an
>> elevated privilege. *If you download a program or execute an email
>> attachment as root, then all security bets are off. *This BTW was the
>> major attack vector for viruses and worms into Windows systems before
>> they introduced a degree of privilege separation. *sudo is a nice tool
>> which makes you aware of the programs you want to run with root
>> privileges. In my view it keeps you from doing really dumb things.
>>
> I'm trying to learn something here: *as I understand it, sudo
> gives you root privileges,

No, not quite.

> so what's the difference between
> su (password) and sudo (password)

"Su" stands for "super user". That means "root", normally, on Unix.

The "sudo" command means "superuser do" - in other words, do *one
command* as the superuser. So you type:

sudo cp /etc/fstab /etc/fstab.bak

... and it runs *that one command* as the superuser.

To do this, you need to supply /your own password/ and your account
needs to be in a group that permits you to do "sudo".

There is a handy loophole, though: if the thing that you do is run a
shell, then that shell runs as root and you can effectively become
root and run commands as root. That is what "sudo bash" does, and
because it's useful, there is a shortcut: "sudo -s", meaning, do the
action of opening a shell as the superuser.

The "su" command is completely different. It allows you to /become/
the superuser. When you type "su", you need to supply *root's*
password and then you become root until you end the session with
ctrl-D or "logout". *Your* password has nothing to do with it.

When you "su", you get a new shell. You can't run one command.

So "su" and "sudo" are totally different and do totally different
things. The correct comparison is between "su" and "sudo -s". They do
the same thing, but with one big difference: for "su", you need an
active root account and you need to know its password. For "sudo -s"
you need *your own* password and root can be left disabled.





--
Liam Proven • Profile: http://lproven.livejournal.com/profile
Email: lproven@cix.co.uk • GMail/G+/Twitter/Flickr/Facebook: lproven
MSN: lproven@hotmail.com • Skype/AIM/Yahoo/LinkedIn: liamproven
Tel: +44 20-8685-0498 • Cell: +44 7939-087884

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-02-2012, 02:08 AM
Craig White
 
Default root user

On Sun, 2012-01-01 at 17:03 -0500, AV3 wrote:

> My mistake, deriving from the fact that I only use Mac OS and
> Ubuntu-on-a-Mac. I over-generalized from my limited experience. I
> thought that Unix was inherently more secure than Windows OS, whatever
> the reason. Am I wrong about that? Why so, if not disabled root accounts?
----
on neither Mac OSX nor Ubuntu is root a disabled account - it simply
doesn't have a password. Not having a password doesn't mean that root is
disabled though - and if you are the 'first' user (ie, a member of
'admin' group), you can simply execute:

sudo su -

and you will get root shell with only your password which allows you to
run sudo. In general philosophy, both Ubuntu and Mac OSX believe that
there is no need for a root password and there's nothing inherently
wrong with the logic.

As for UNIX being inherently more secure than Windows... perhaps but
much of that logic comes from older versions of Windows whereas the
current versions of Windows 7 are reasonably secure. In general though,
both Windows and Macintosh OSX will out of the box make the first
installed user an administrator (super user aka root) by default whereas
most Linux distributions will not. This means that this first user will
always have super user privileges all the time and considering various
spyware/malware, that's probably a really poor idea on any OS. On Mac
OSX or Windows, it's relatively simple to create more users who are not
administrators for day to day usage and relatively simple to 'switch
user' when you need to install/update but many people do not.

Craig


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-02-2012, 02:13 AM
Craig White
 
Default root user

On Sun, 2012-01-01 at 10:30 -0600, Jay Ridgley wrote:
> On 01/01/12 06:00, ubuntu-users-request@lists.ubuntu.com wrote:
> > Date: Sun, 1 Jan 2012 11:55:35 +0100
> > From: Leila M<mech.loulou@gmail.com>
> > To:ubuntu-users@lists.ubuntu.com
> > Subject: root user
> > Message-ID:
> > <CAMyNn6KT9Mcokn_G8tb7myE71j5=S0EmPGmDrspDgoBBn50J hQ@mail.gmail.com>
> > Content-Type: text/plain; charset=ISO-8859-1
> >
> > hi,
> >
> > I'm using Ubuntu 11.04 and I want to access the root account but I
> > cant do so using my password. I didn't specify any password during the
> > system installation process except the one I use to access my account.
> > any ideas about how to do so
> >
> > thanks in advance
> > Leila
> >
> Leila,
>
> The best way is to use sudo to become root:
>
> jay@polar:~$ sudo su
> ----
recommend that you use 'sudo su -'

note the dash at the end which obtains root env... can definitely make a
big difference.

Craig


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-02-2012, 02:25 AM
NoOp
 
Default root user

On 01/01/2012 02:55 AM, Leila M wrote:
> hi,
>
> I'm using Ubuntu 11.04 and I want to access the root account but I
> cant do so using my password. I didn't specify any password during the
> system installation process except the one I use to access my account.
> any ideas about how to do so
>
> thanks in advance
> Leila
>

https://help.ubuntu.com/community/RootSudo



--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-02-2012, 03:08 AM
Smoot Carl-Mitchell
 
Default root user

On Sun, 2012-01-01 at 20:13 -0700, Craig White wrote:

> > The best way is to use sudo to become root:
> >
> > jay@polar:~$ sudo su
> > ----
> recommend that you use 'sudo su -'
>
> note the dash at the end which obtains root env... can definitely make a
> big difference.

Or on most modern version of sudo just use the -i option. It does the
same thing.

Please note the "su" command lets you become any user and not just root.
e.g.

sudo -i -u foo

will give you a shell with the authorization of the user "foo". You can
do the same thing for an individual command with:

sudo -i -u foo somecommand

The -i insures you get the user's environment e.g. PATH and other
environment variables and behaves just like you logged in as the user
"foo".

--
Smoot Carl-Mitchell
System/Network Architect
voice: +1 480 922-7313
cell: +1 602 421-9005
smoot@tic.com


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-02-2012, 09:46 AM
Chris Green
 
Default root user

On Sun, Jan 01, 2012 at 05:57:25PM +0000, Liam Proven wrote:
> On 1 January 2012 17:12, Chris Green <cl@isbd.net> wrote:
> >> "root", and if you have root access, you own the box. So that is the
> >> account everyone attacks. Well, if root is there but disabled, they
> >> can attack it as much as they like - they won't get in. There's
> >> nothing to get into.
> >
> > But in the real world the systems we are talking about are 99% home
> > systems and won't have an ssh daemon running to allow remote access, and
> > if they have it should most certainly have ssh root access disabled.
> > Thus an intruder *does* need to know two passwords.
>
> Why 2?
>
Because they can only login as a non-root user and then they need to
know the root password as well to become root. (Assuming sudo is turned
off of course).


> >> * * * * * * * * * * * * But without access to the system, they can't see
> >> what other, ordinary, unprivileged usernames /are/ there, so they
> >> can't launch dictionary attacks against them.
> >>
> > As I understand it dictionary attacks are only possible where the
> > encrypted passwords are visible and that is no longer true on most
> > systems.
>
> No, not at all.
>
> Anything which accepts a password in any form can have iterative
> dictionary attacks launched against it.
>
Well, in principle yes, but if there's a long delay (like seconds)
before another attempt is allowed it will take far, far too long to
attempt any sort of sensible dictionary attack.

--
Chris Green

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-02-2012, 04:09 PM
Johnny Rosenberg
 
Default root user

2012/1/1 doug <dmcgarrett@optonline.net>:
> On 01/01/2012 03:38 PM, Johnny Rosenberg wrote:
>>
>> 2012/1/1 doug<dmcgarrett@optonline.net>:
>>
>> The password is ”in effect” for some time (I though it was 15 minutes, but
>> that doesn't matter much), but you still have to type ”sudo” for every
>> command, it's just that you are only asked for the password the first time.
>> Example (UTF-8 is required to read this properly): $ sudo command↵ Password:
>> ··············↵ Command executed, OK. $ sudo another_command↵ Command
>> executed, OK. $ command↵ You need to be root to run this command. $ sudo !!↵
>> sudo command Command executed, OK. 20 minutes later… $ sudo command↵
>> Password: ··············↵ Command executed, OK. $ sudo command↵ Command
>> executed, OK. …and so on… (↵ means the Enter key and those dots, ”·”,
>> symbolise your entered password). Kind regards Johnny Rosenberg ジョニー・*ーゼンバーグ
>>>
>>> *I used to
>>> have sudo in pclos, bu the more recent releases have
>>> made it impossible. *I found it was very useful, and I
>>> never corrupted my system using it. *(I have corrupted
>>> my system trying to get it back!)
>>>
>>>
>>> --doug
>
> Thank you. *It's been awhile since I had sudo working, so I forgot.
> OT: how did you make the carriage return sign?

I made my own keyboard layout… I have it on AltGr+Enter. The Unicode
is 21B5, so another way is to type Ctrl+Shift+u 21b5 Enter (or just
continue typing). THis doesn't work everywhere, though. For instance
in my web browser (Opera). The ”Opera way” is, instead: 21b5
Ctrl+Shift+x.

”U+21B5 DOWNWARDS ARROW WITH CORNER LEFTWARDS – may indicate a
carriage return or new line”.


Kind regards

Johnny Rosenberg
ジョニー・*ーゼンバーグ

And by the way, my signature is made with AutoKey.

>
>
> --doug

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 12:00 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org