
Found this piece <https://www.pclinuxos.com/forum/index.php/topic,90479.0.html> in the PCLinuxOS forums, courtesy of a reader link from <https://www.theregister.co.uk/2018/08/01/ncsc_ubuntu/>. Basically it says that “sudo”, when used “In The Manner Of the Buntus”, i.e. to be able to run arbitrary commands as root, is a bad idea. Instead, it should be carefully restricted to allow access only to functions needed by a particular user. To get blanket root access, it is better to use “su”, which means having a separate root password. Actually, it goes further than that: it decrees that anybody posting instructions on the PCLinuxOS forums involving “irresponsible” use of sudo (i.e. contrary to the philosophy above) is subject to having their posts deleted, being reprimanded, and ultimately having their account cancelled altogether. Thoughts?

If anybody gets hold of the user's password and accesses their computer they could sudo <username> <command> to do anything couldn't they? Or is there something preventing this?

Rod

On Wed, 1 Aug 2018 at 22:06, Lawrence D'Oliveiro <ldo(a)geek-central.gen.nz> wrote:
> Found this piece <https://www.pclinuxos.com/forum/index.php/topic,90479.0.html> in the PCLinuxOS forums, courtesy of a reader link from <https://www.theregister.co.uk/2018/08/01/ncsc_ubuntu/>.
>
> Basically it says that “sudo”, when used “In The Manner Of the Buntus”, i.e. to be able to run arbitrary commands as root, is a bad idea. Instead, it should be carefully restricted to allow access only to functions needed by a particular user. To get blanket root access, it is better to use “su”, which means having a separate root password.
>
> Actually, it goes further than that: it decrees that anybody posting instructions on the PCLinuxOS forums involving “irresponsible” use of sudo (i.e. contrary to the philosophy above) is subject to having their posts deleted, being reprimanded, and ultimately having their account cancelled altogether.
>
> Thoughts?

The user needs to be explicitly stated in the /etc/sudoers file, or be in a group that is mentioned in that file. If they aren't in the file, they cannot use sudo. The file can also place added restrictions (e.g. commands they can run). The su command requires you know the password of the user you want to become.

-------- Original message --------
From: Roderick Aldridge <rod.aldridge1(a)gmail.com>
Date: 1/08/18 10:20 PM (GMT+12:00)
To: Waikato Linux Users Group <wlug(a)list.waikato.ac.nz>
Subject: Re: [wlug] sudo Or su?

> If anybody gets hold of the user's password and accesses their computer they could sudo <username> <command> to do anything couldn't they? Or is there something preventing this?
>
> Rod
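As an added illustration of the sudoers restrictions discussed in this thread (not code from any of the posters): a small Python audit that separates principals holding a blanket `ALL` grant, whose own password is enough to run anything as root, from those limited to named commands. The sample file is constructed, and the parser covers only plain user specifications: it does not expand aliases or follow include directives.

```python
import re

# Constructed sample, not taken from any real system.
SAMPLE_SUDOERS = """\
Defaults env_reset
# Ubuntu-style rule: members of group sudo may run anything as anyone
%sudo   ALL=(ALL:ALL) ALL
root    ALL=(ALL:ALL) ALL
# Restricted rules: named user, named commands, as root only
rod     ALL=(root) /usr/bin/systemctl restart nginx
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, \\
        /usr/bin/tar
"""

# who host = (runas) commands; the (runas) part is optional
RULE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(?:\(([^)]*)\))?\s*(.*)$")
TAG = re.compile(r"^(?:[A-Z_]+:\s*)+")  # NOPASSWD:, NOEXEC:, ...
SKIP = re.compile(r"^(#|@include|Defaults|(User|Runas|Host|Cmnd)_Alias\b)")

def parse_rules(text):
    """Return (who, runas, [commands]) for each plain user specification."""
    rules = []
    text = re.sub(r"\\\n", " ", text)  # join backslash-continued lines
    for line in map(str.strip, text.splitlines()):
        if not line or SKIP.match(line):
            continue
        m = RULE.match(line)
        if m:
            who, _host, runas, cmds = m.groups()
            # Naive comma split: escaped commas in arguments are not handled.
            cmds = [TAG.sub("", c.strip()) for c in cmds.split(",")]
            rules.append((who, runas or "root", cmds))
    return rules

def blanket_grants(text):
    """Principals whose rule includes ALL commands (even with exclusions)."""
    return [who for who, _runas, cmds in parse_rules(text) if "ALL" in cmds]

def restricted_grants(text):
    """Principals limited to an explicit command list."""
    return {who: cmds for who, _r, cmds in parse_rules(text) if "ALL" not in cmds}

if __name__ == "__main__":
    print("blanket:", blanket_grants(SAMPLE_SUDOERS))
    for who, cmds in restricted_grants(SAMPLE_SUDOERS).items():
        print("restricted:", who, "->", cmds)
```

A rule such as `ALL, !/usr/bin/su` is still reported as blanket, because excluding individual commands from `ALL` does not limit what the account can run in practice.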
Participants (3): Lawrence D'Oliveiro, Roderick Aldridge, Simon Green