AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Sudo password for12/7/2023 This simple yet effective methodology provides accountability for all user actions, and gives the administrator granular control over which actions a user can perform with said privileges.Īnd go on with instructions on how to enable the root account, by setting a password for it. Instead, users are encouraged to make use of a tool by the name of ‘sudo’ to carry out system administrative duties. Ubuntu developers made a conscientious decision to disable the >administrative root account by default in all Ubuntu installations. The Ubuntu Server Guide mentions under User Management that I tried to look at what the Ubuntu docs say about that. "Only through root can true pain – and thus enlightenment – be achieved." Be careful though that your action will have more impact, and it will be easier for you to damage the system. Does the rational make more sense in this context? I do think that this may not apply to multi-user systems.Įffectively, if you are the only user on the system, the above doesn't apply and you can login as root instead of running sudo any time you need to operate as an admin. Giving all users the root password defeats completely the use of sudoers, since users won't need to use sudo: they'll login simply as root.Įdit: I am running a personal Linux Machine, where I am the only user. The sudoers mechanism has many advantages compared to giving out the root password:Īllowing to run a restricted set of commands as an adminĪccountability, as commands run via sudo can be logged so to know who ran whatĮasy transfer of admin rights, simply by adding and removing users from the admin group There's also the issue that people often get upset when you do the actually right thing and remove root access and/or disable accounts when those things are no longer needed. I've worked in several environments over the years where people had moved on to other roles in the same organisations years before (or even left the organisation completely) but still had root access on machines that they shouldn't even still have a valid login on. In practice, this proved to be extremely problematic, especially in large environments like universities or corporations where people changed roles a lot. Sudo was written, at least in part, to avoid the problems caused when everyone who needed some ability to do some root-level sysadmin tasks had to know the root password. "common sense" is usually neither "common" nor "sensible". I strongly recommend that you revert back to the default behaviour as it is almost certainly more well thought out than your belief that it "makes sense" that you should have to know the root password. This is why it's not the default configuration for sudo. With sudo's default configuration, you only have to change the sudoers file and/or remove the user from the sudo group. It is also harder to revoke root access from just one person - you have to change the root password and let everyone know what the new password is. Once someone has the root password, they can either login as root or use it with su. Having the root password is potentially far more dangerous than just being allowed to run certain commands as root. You don't have to give out the root password. Sudo makes it easy to allow users to run some, but not all, commands as root, and Some would consider this a security risk because it undermines two of the main purposes of using sudo rather than su, which are: Having said that I was unaware of the power of sudoers, some users mentioned that you could specify which commands can be run with sudo (while leaving out some commands restricted to the root user only). Hence my reasoning to have it ask you for the root password. One could run any root command by simply typing their user password, which I thought defeated the purpose of root to begin with. My experience with sudo was on systems where sudo was simply a "synonym" for su. I do think that this may not apply to multi-user systems. Does the rationale make more sense in this context? I am running a personal Linux Machine, where I am the only user. However, could this be considered a security risk?Īnd if is not, why isn't this the default configuration in most distros? Mainly because I believe it makes sense that if you want to execute a root command, you should know the root password. I've set up my sudoers so that it asks the root password instead of the user password everytime I use sudo.
0 Comments
Read More
Leave a Reply. |