Re: Reporting missing package during install

[Andrei POPESCU]

On Mi, 18 dec 13, 13:11:30, Tom H wrote:
> 
> At home, people can run "sudo bash" (or more appropriately, "sudo -s"
> or "sudo -i") but we can't do that at my current job or other at my
> previous jobs.

Is this requirement for logging purposes?

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
http://nuvreauspam.ro/gpg-transition.txt


signature.asc
Description: Digital signature

Re: Reporting missing package during install

[Tom H]

On Fri, Dec 13, 2013 at 4:50 PM, Gian Uberto Lauri  wrote:
> Tom H writes:


>> In the corporate environments where I work, we are about 70 sysadmins
>> in my location and about half as much in another. We all sudo to root
>> on our more or less 11,000 systems. So by your reckoning we have 100
>> critical accounts but that's not how our internal and external
>> security auditors see it.
>
> If I understand it clearly, these sysadmins are trained users who
> (hopefully) understand what you should or should not do. I think that
> "we all sudo" means "we the sysadmin".

There's no sudo training! We prepend root commands with sudo, that's it.


> If the situation is "one machine, one sudoer, no root" is like having
> "one machine, one user, su, root can not log from the net". Slightly
> less secure, but it should be really hard to insert some hijacker that
> exploits credentials cache since the persons are properly trained.

As I've said in another email in this thread, the idea that someone or
something can monitor someone's use of sudo to root and then use the
cached credentials to run a command silently, you have far greater
problems than worrying about imaginary security holes in sudo.


>> Most of the people who have no idea that they have a critical are like
>> my parents, who have Unity installed on their laptops. When they're
>> prompted to update their systems, they do so and type in their
>> passwords when asked to, just like a Windows or OS X user. Not
>> everyone messes around with his/her configuration, uses terminals, or
>> whatever.
>
> Are you sure that nobody will be able to hijack that use of sudo, even
> from the graphic versions?
>
> My opinion is that exploiting vulnerabilities like that will be
> profitable for the "dark side users" when the number of users like
> your parent will have reached a "critical number" (like in critical
> mass).

I don't use X on Debian so I don't know how DEs are set up but gksu is
no longer used by default on Ubuntu. It's pkexec that controls
elevated permissions and it doesn't cache credentials. AFAIR gksu
didn't either when it was used; perhaps it was set up in such a way
that every access to, for example, synaptic was considered the same
thing as using a different tty/pty.


> Furthermore the sudo habit of keeping valid an authentication for a
> certain amount of time seems like an open door for malicious code
> injection.

 You can use the "timestamp_timeout" option to set this to zero.
>>>
>>> This should be the default, but is not.
>>
>> I agree. But I suspect that, as someone else has pointed out, it would
>> annoy many people to have to type their password for every
>> sudo-prepended command.
>
> If you can use any program with sudo, just sudo bash for prolonged
> administrative tasks. And close the shell when finished.
>
> Nevertheless, there is a place where sudo cache is handy. If you write
> a script for some common users, it's better to use sudo for the
> sensible command only rather than for the whole script.
>
> In these case the optimum would be to tell sudo "starting for now
> cache the credentials for a very short time - some seconds - and stop
> caching when time expires" the first time you "engage" sudo and then
> kill the caching before leaving the script, some sort of begin
> transaction/commit.
>
> Currently you can have only the very short cache time always.

The default upstream cache timeout is 5 minutes; AFAIK the Debian
default is 15 minutes. Either the credentials should be cached or not.
Caching them for a short time doesn't make sense.

If the scenario that you're considering is that you run a command with
sudo, leave a terminal open, and someone else types in a command
prepended with sudo, that's your problem; users have to take SOME
responsibility. In corporate environments, you're sanctioned if you
don't lock your screen when you're not at your desk.

At home, people can run "sudo bash" (or more appropriately, "sudo -s"
or "sudo -i") but we can't do that at my current job or other at my
previous jobs.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAOdo=sztawod3s1symzop+j1otigauce_f68gktyujkhaw9...@mail.gmail.com

Re: coloured prompt for root (was ... Re: Reporting missing package during install)

[Chris Bannister]

On Wed, Dec 11, 2013 at 02:13:18PM +0100, Gian Uberto Lauri wrote:
> Chris Bannister writes:
> 
>  > This is in a tty, so don't know what will happen in an xterm or other
>  > virtual terminal.
> 
> The virtual terminals usually honour ANSI escape sequences. For sure
> xterm, the rxvt family and the libvte-based ones do.
> 
> But with virtual terminals you can do something like having a
> different background and foreground color (red on black is standard in
> my family).

Same on a tty. man setterm

-- 
"If you're not careful, the newspapers will have you hating the people
who are being oppressed, and loving the people who are doing the 
oppressing." --- Malcolm X


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20131214152453.GB9143@tal

Re: Reporting missing package during install

[Gian Uberto Lauri]

Tom H writes:

 > In the corporate environments where I work, we are about 70 sysadmins
 > in my location and about half as much in another. We all sudo to root
 > on our more or less 11,000 systems. So by your reckoning we have 100
 > critical accounts but that's not how our internal and external
 > security auditors see it.

If I understand it clearly, these sysadmins are trained users who
(hopefully)  understand what you should or should not do. I think that
"we all sudo" means "we the sysadmin".

If the situation is "one machine, one sudoer, no root" is like having
"one machine, one user, su, root can not log from the net". Slightly
less secure, but it should be really hard to insert some hijacker that
exploits credentials cache since the persons are properly trained.

 > Most of the people who have no idea that they have a critical are like
 > my parents, who have Unity installed on their laptops. When they're
 > prompted to update their systems, they do so and type in their
 > passwords when asked to, just like a Windows or OS X user. Not
 > everyone messes around with his/her configuration, uses terminals, or
 > whatever.

Are you sure that nobody will be able to hijack that use of sudo, even
from the graphic versions?

My opinion is that exploiting vulnerabilities like that will be
profitable for the "dark side users" when the number of users like
your parent will have reached a "critical number" (like in critical
mass).

BTW, Mac OS X users use a graphic form of sudo, i think w/o cache.

That will be the time that we will start to use antivirus programs on
GNU/linux like is common to do on Windows.

 > >>> Furthermore the sudo habit of keeping valid an authentication for a
 > >>> certain amount of time seems like an open door for malicious code
 > >>> injection.
 > >>
 > >> You can use the "timestamp_timeout" option to set this to zero.
 > >
 > > This should be the default, but is not.
 > 
 > I agree. But I suspect that, as someone else has pointed out, it would
 > annoy many people to have to type their password for every
 > sudo-prepended command.

If you  can use any  program with sudo,  just sudo bash  for prolonged
administrative tasks. And close the shell when finished.

Nevertheless, there is a place where sudo cache is handy. If you write
a script for some common users, it's better to use sudo for the
sensible command only rather than for the whole script.

In these  case the  optimum would  be to tell  sudo "starting  for now
cache the credentials for a very short  time - some seconds - and stop
caching when time  expires" the first time you "engage"  sudo and then
kill  the  caching before  leaving  the  script,  some sort  of  begin
transaction/commit.

Currently you can have only the very short cache time always.

-- 
 /\   ___Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_   African word
  //--\| | \|  |   Integralista GNUslamicomeaning "I can
\/ coltivatore diretto di software   not install
 già sistemista a tempo (altrui) perso...Debian"

Warning: gnome-config-daemon considered more dangerous than GOTO


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/21163.15039.767802.409...@mail.eng.it

Re: Reporting missing package during install

[Tom H]

On Tue, Dec 10, 2013 at 7:59 AM, Gian Uberto Lauri  wrote:
> Tom H writes:
>> On Mon, Dec 9, 2013 at 8:09 AM, Gian Uberto Lauri  wrote:


>>> If some users needed to have the root power for a small set of
>>> operation, then sudo would give them that extact power, no more no
>>> less.
>>>
>>> What are the benefits of The "Macintosh/Ubuntu" use of sudo? Improved
>>> security? Are you kidding? Whatever the user I compromise I have root
>>> access, just type "sudo bash".
>>
>> You seem to assume that everyone has "ALL" as the executable that can
>> be run via sudo.
>
> That wrong assumption has already been pointed out.
>
> But whit this configuration you have 2 critical accounts instead of
> one.
>
> Everybody is aware that root is a critical account, how many do
> realize that the first (often the only) user account in such systems
> is as critical as the root one?

In the corporate environments where I work, we are about 70 sysadmins
in my location and about half as much in another. We all sudo to root
on our more or less 11,000 systems. So by your reckoning we have 100
critical accounts but that's not how our internal and external
security auditors see it.

Most of the people who have no idea that they have a critical are like
my parents, who have Unity installed on their laptops. When they're
prompted to update their systems, they do so and type in their
passwords when asked to, just like a Windows or OS X user. Not
everyone messes around with his/her configuration, uses terminals, or
whatever.


>>> Furthermore the sudo habit of keeping valid an authentication for a
>>> certain amount of time seems like an open door for malicious code
>>> injection.
>>
>> You can use the "timestamp_timeout" option to set this to zero.
>
> This should be the default, but is not.

I agree. But I suspect that, as someone else has pointed out, it would
annoy many people to have to type their password for every
sudo-prepended command.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAOdo=Swr=r=e9cmxy_gbkyzpoxkfjkyg8ykmxwt+phyhnyp...@mail.gmail.com

Re: Reporting missing package during install

[Ralf Mardorf]

On Thu, 2013-12-12 at 22:14 +0900, Osamu Aoki wrote:
> 'sudo sh' is as easy on finger (no shift) and do not feel as bad.  

Doesn't it have any side-effects?

I wonder about the prompt of an Arch Linux install.

[rocketmouse@archlinux ~]$ ls -l /bin/sh
lrwxrwxrwx 1 root root 4 Aug 25 14:06 /bin/sh -> bash
[rocketmouse@archlinux ~]$ sudo sh
sh-4.2# exit
[rocketmouse@archlinux ~]$ sudo bash
[root@archlinux rocketmouse]# exit
[rocketmouse@archlinux ~]$ sudo dash
# [rocketmouse@archlinux ~]$
  ^^^ after Ctrl + D no exit is displayed

And about the prompt of a *buntu Saucy install.

rocketmouse@saucy:~$ ls -l /bin/sh
lrwxrwxrwx 1 root root 4 Nov 22 02:00 /bin/sh -> dash
rocketmouse@saucy:~$ sudo sh
# 
rocketmouse@saucy:~$ sudo dash
# 
rocketmouse@saucy:~$ sudo bash
root@saucy:~# exit
rocketmouse@saucy:~$

Always exited by Ctrl + D.

I'll install Debian within the next days, don't know how it does behave by 
default.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1386867448.1861.3.camel@saucy

Re: Reporting missing package during install

[Reco]

On Thu, 12 Dec 2013 22:14:50 +0900
Osamu Aoki  wrote:

> On Sun, Dec 08, 2013 at 09:09:53PM -0500, Neal Murphy wrote:
> > On Sunday, December 08, 2013 07:27:41 PM Andrei POPESCU wrote:
> > > On Du, 08 dec 13, 19:14:49, Neal Murphy wrote:
> > > > For me, I usually set up 'sudo su'
> > > 
> > > sudo has the '-s' and '-i' switches, why mix with 'su'?
> > > 
> > > Kind regards,
> > > Andrei
> > 
> > 'sudo su' rolls off the fingers easier.
> 
> 'sudo sh' is as easy on finger (no shift) and do not feel as bad.  

Sure, if you don't mind using dash instead of bash, 'sudo sh' and 'sudo
su' are the same. 

Also, 'sudo su -' and 'sudo -i' set up all root environment variables
(specifically, $HOME). 'sudo sh' keeps $HOME, which can lead to
not-so-funny things.

Reco


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20131212190251.1d56020860f2c01e42127...@gmail.com

Re: Reporting missing package during install

[Osamu Aoki]

On Sun, Dec 08, 2013 at 09:09:53PM -0500, Neal Murphy wrote:
> On Sunday, December 08, 2013 07:27:41 PM Andrei POPESCU wrote:
> > On Du, 08 dec 13, 19:14:49, Neal Murphy wrote:
> > > For me, I usually set up 'sudo su'
> > 
> > sudo has the '-s' and '-i' switches, why mix with 'su'?
> > 
> > Kind regards,
> > Andrei
> 
> 'sudo su' rolls off the fingers easier.

'sudo sh' is as easy on finger (no shift) and do not feel as bad.  

Osamu


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20131212131450.GB6615@goofy

coloured prompt for root (was ... Re: Reporting missing package during install)

[Gian Uberto Lauri]

Chris Bannister writes:

 > This is in a tty, so don't know what will happen in an xterm or other
 > virtual terminal.

The virtual terminals usually honour ANSI escape sequences. For sure
xterm, the rxvt family and the libvte-based ones do.

But with virtual terminals you can do something like having a
different background and foreground color (red on black is standard in
my family).

-- 
 /\   ___Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_   African word
  //--\| | \|  |   Integralista GNUslamicomeaning "I can
\/ coltivatore diretto di software   not install
 già sistemista a tempo (altrui) perso...Debian"

Warning: gnome-config-daemon considered more dangerous than GOTO


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/21160.25838.10788.698...@mail.eng.it

coloured prompt for root (was ... Re: Reporting missing package during install)

[Chris Bannister]

On Tue, Dec 10, 2013 at 11:11:34PM +, Lisi Reisz wrote:
> On Tuesday 10 December 2013 06:39:17 Tom H wrote:
> > You can't trust yourself with sudo but you can trust yourself with
> > su or login root access...
> 
> I have to make a conscious effort to become root.  This reduces the 
> risk that I will accidentally do something extra foolish.  I do not 
> have root login access and do not want it. The Debian default in this 
> is very sensible.  (As it usually is.)

I put this in my .bashrc:
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;31m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$
'
(All one line!)

This makes the prompt display in red, giving extra warning. :)

This is in a tty, so don't know what will happen in an xterm or other
virtual terminal.

Just comment out the old line, in case you want to go back to the way it
was.

-- 
"If you're not careful, the newspapers will have you hating the people
who are being oppressed, and loving the people who are doing the 
oppressing." --- Malcolm X


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20131211120718.GA12607@tal

Re: Reporting missing package during install

[Lisi Reisz]

On Tuesday 10 December 2013 06:39:17 Tom H wrote:
> You can't trust yourself with sudo but you can trust yourself with
> su or login root access...

I have to make a conscious effort to become root.  This reduces the 
risk that I will accidentally do something extra foolish.  I do not 
have root login access and do not want it. The Debian default in this 
is very sensible.  (As it usually is.)

Lisi


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/201312102311.34476.lisi.re...@gmail.com

Re: Reporting missing package during install

[Gian Uberto Lauri]

Andrei POPESCU writes:
 > On Lu, 09 dec 13, 18:13:07, Gian Uberto Lauri wrote:
 > > Andrei POPESCU writes:
 > >  > On Lu, 09 dec 13, 10:56:22, Gian Uberto Lauri wrote:
 > >  > > 
 > >  > > sudo makes it a bit worse. Any user account opens the door to the root
 > >  > > account. Therefore you have to guard a larger perimeter.
 > >  >  
 > >  > Could you please elaborate on this? In Debian's default configuration 
 > >  > this is simply not true.
 > > 
 > > In Debian default configuration you have 2 critical accounts instead
 > > of one.
 >  
 > You said 'any', but anyway...

Indeed. 'Any' was wrong, my error.

But overlooking the criticality of even ONE account may be too much.

 > > Think about this scenario: someone devises a clever way to slip a
 > > Trojan in a user account. 
 > 
 > Ok.
 > 
 > > Most of  the people  is at leas  slightly less  security-paranoid when
 > > using their own account than they are with the root one. 
 > > 
 > > The Trojan could exploit sudo to gain access to the root account by
 > > exploiting this lack of attention. Therefore you have to be paranoid
 > > with TWO accounts. Or use a non sudo-capable account for ordinary work
 > > and a sudo-capable one for administrative task. 
 >  
 > How difficult do you think it is to write a small program to present you 
 > a su-like password prompt. 

This is ludicrously easy. To write it really stealth is not so easy.

But I was not thinking about "pretending to be some other code" or
"store somewhere your input". I was thinking about hijacking the
stdin/stdout (not a tee) to inject malicious commands.

 > Drop that somewhere in your path (let's 
 > assume ~/bin, since only the user account is compromised).

You assume that ~/bin comes first. If it is not true... 

 > The point I'm trying to make is that the root account is as vulnerable 
 > as the user account used to getting root. The additional password 
 > doesn't add any significant security. It's probably safer to disable 
 > root's password and use a really strong password for the user.

You are right on all but one point: as I said before, everybody is
aware of the importance of root. On the other hand most people thinks
"they will at most hit my user account". And they neglect that their
user account may be the perfect beach head to access root.

 > > I am not logging on with X running! I ALWAYS start X from the shell,
 > > that's after all the times I seen X11 crashing immediately under xdm...
 >  
 > Still, there is much more code running as root that isn't supposed to 
 > (window manager, session manager, etc.)

On my machine, the only X-related program running as 0:0 is X.

 > developers moved so much of the video driver code to kernel modules? One 
 > of the benefits will be the ability to run X with less privileges. Now 
 > it's still running as root :(

Some part of the drives can be moved to the kernel and handling the
hardware is kernel job.

On the other hand X is at least 20 years old and since then people is
aware of the problem.

I think that a lot less people is aware of the possible problems with
sudo. Personally I will reconfigure it...

-- 
 /\   ___Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_   African word
  //--\| | \|  |   Integralista GNUslamicomeaning "I can
\/ coltivatore diretto di software   not install
 già sistemista a tempo (altrui) perso...Debian"

Warning: gnome-config-daemon considered more dangerous than GOTO


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/21158.52928.256634.48...@mail.eng.it

Re: Reporting missing package during install

[Gian Uberto Lauri]

Tom H writes:

 > On Mon, Dec 9, 2013 at 8:09 AM, Gian Uberto Lauri  wrote:
 > > If some users needed to have the root power for a small set of
 > > operation, then sudo would give them that extact power, no more no
 > > less.
 > >
 > > What are the benefits of The "Macintosh/Ubuntu" use of sudo? Improved
 > > security? Are you kidding? Whatever the user I compromise I have root
 > > access, just type "sudo bash".
 > 
 > You seem to assume that everyone has "ALL" as the executable that can
 > be run via sudo.

That wrong assumption has already been pointed out.

But whit this configuration you have 2 critical accounts instead of
one.

Everybody is aware that root is a critical account, how many do
realize that the first (often the only) user account in such systems
is as critical as the root one?

 > > Furthermore the sudo habit of keeping valid an authentication for a
 > > certain amount of time seems like an open door for malicious code
 > > injection.
 > 
 > You can use the "timestamp_timeout" option to set this to zero.

This should be the default, but is not.

 > Is your malicious code injection scenario that a person or a program
 > is watching for you to use sudo so as to abuse this timeout? I'd say
 > that you have a bigger problem if a cracker already has that full an
 > access to your system.

Nope. *That* could be the beach head to invade your system.

You never compiled some downloaded source  on your system? Do you scan
them?

We  usually trust  Free  Software source  code, but  how  many do  the
signature check of the tarball they just downloaded (and if you can
inject malicious code in the source, chances are high that you can
also get the poisoned meatball signed).

Who is vulnerable? Inexperienced users. With a small user base these
may be a small number, but if the user base grows, as we hope?

 > What's the difference between giving some of those users access to
 > root and giving those same ones sudo access to root?

On this point, I have to agree with you since further sudo grants have
to been given explicitly.

-- 
 /\   ___Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_   African word
  //--\| | \|  |   Integralista GNUslamicomeaning "I can
\/ coltivatore diretto di software   not install
 già sistemista a tempo (altrui) perso...Debian"

Warning: gnome-config-daemon considered more dangerous than GOTO


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/21158.51689.545760.766...@mail.eng.it

Re: Reporting missing package during install

[Gian Uberto Lauri]

Ralf Mardorf writes:
 > On Mon, 2013-12-09 at 18:13 +0100, Gian Uberto Lauri wrote:
 > > Think about this scenario: someone devises a clever way to slip a
 > > Trojan in a user account.
 > 
 > Than the trojan has got user privileges only. If it's a key logger it
 > can read what password you type for sudo, but also what you type for su.

What I fear is a fiendish tool that hijacks your bash stdin and stdout
and injects sudo commands. Not a keylogger, some stealty bastard that
stays hidden, hits, and returns hidden.

 > I know they hack servers, but was the Linux home PC of anybody on this
 > list ever hacked?

How could you detect? Are you sure you have the skills to detect this?
Do you feel safe because you are on a dynamically assigned IP?

Linux home PC are not yet a direct target because the user base of
Linux desktop users. Give them a good reason to write a stuxnet for
GNU/Linux and they will write a stuxnet for GNU/Linux.

-- 
 /\   ___Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_   African word
  //--\| | \|  |   Integralista GNUslamicomeaning "I can
\/ coltivatore diretto di software   not install
 già sistemista a tempo (altrui) perso...Debian"

Warning: gnome-config-daemon considered more dangerous than GOTO


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/21158.50965.22307.269...@mail.eng.it

Re: Reporting missing package during install

[Tom H]

On Mon, Dec 9, 2013 at 10:38 PM, Lisi Reisz  wrote:
> On Monday 09 December 2013 18:55:33 Tom H wrote:

 Yes, I don't like it and always want a root password. As you
 say, this is and has been contentious.
>>
>> Having a password for root and having sudo installed and set up
>> isn't an either/or proposition.
>
> We have already agreed surely that horses vary with courses. I don't
> trust myself and would never use sudo, so it is safer if I do not
> have it on my box. Moreover, during installation I think that one is
> offered either/or, not both. (Which is what we were discussing.)

The discussion may have started as a discussion of sudo at install
time but I was replying to a post that was basically declaring sudo to
be evil.

You can't trust yourself with sudo but you can trust yourself with su
or login root access...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAOdo=Sz=1O=l-ui6wwgqzm33cptwl9xt4a9yr_zjlvc3+9p...@mail.gmail.com

Re: Reporting missing package during install

[Andrei POPESCU]

On Lu, 09 dec 13, 18:13:07, Gian Uberto Lauri wrote:
> Andrei POPESCU writes:
>  > On Lu, 09 dec 13, 10:56:22, Gian Uberto Lauri wrote:
>  > > 
>  > > sudo makes it a bit worse. Any user account opens the door to the root
>  > > account. Therefore you have to guard a larger perimeter.
>  >  
>  > Could you please elaborate on this? In Debian's default configuration 
>  > this is simply not true.
> 
> In Debian default configuration you have 2 critical accounts instead
> of one.
 
You said 'any', but anyway...

> Think about this scenario: someone devises a clever way to slip a
> Trojan in a user account. 

Ok.

> Most of  the people  is at leas  slightly less  security-paranoid when
> using their own account than they are with the root one. 
> 
> The Trojan could exploit sudo to gain access to the root account by
> exploiting this lack of attention. Therefore you have to be paranoid
> with TWO accounts. Or use a non sudo-capable account for ordinary work
> and a sudo-capable one for administrative task. 
 
How difficult do you think it is to write a small program to present you 
a su-like password prompt. Drop that somewhere in your path (let's 
assume ~/bin, since only the user account is compromised). The first 
time you try to use 'su' it presents you a nice password prompt. When 
you type in the password it stores it in a safe place and then pretends 
you provided the wrong password and passes you to the real 'su' and 
deletes itself to cover any traces. I didn't try, but I think I could 
write this in a few lines of shell.

The point I'm trying to make is that the root account is as vulnerable 
as the user account used to getting root. The additional password 
doesn't add any significant security. It's probably safer to disable 
root's password and use a really strong password for the user.

> I am not logging on with X running! I ALWAYS start X from the shell,
> that's after all the times I seen X11 crashing immediately under xdm...
 
Still, there is much more code running as root that isn't supposed to 
(window manager, session manager, etc.)

> The bug that allowed anybody to peek your keyboard should be
> gone from a long time ago, nevertheless there are options to prevent
> these when you initially enter the root password in a terminal.
> 
> Doing su or sudo in a terminal is equally risky.

No, there is much more code running as root and more importantly, code 
that was never meant to be run as root. Why do you think the Xorg 
developers moved so much of the video driver code to kernel modules? One 
of the benefits will be the ability to run X with less privileges. Now 
it's still running as root :(

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
http://nuvreauspam.ro/gpg-transition.txt


signature.asc
Description: Digital signature

Re: Reporting missing package during install

[Lisi Reisz]

On Monday 09 December 2013 18:55:33 Tom H wrote:
> >> Yes, I don't like it and always want a root password. As you
> >> say, this is and has been contentious.
>
> Having a password for root and having sudo installed and set up
> isn't an either/or proposition.

We have already agreed surely that horses vary with courses.  I don't 
trust myself and would never use sudo, so it is safer if I do not 
have it on my box.  Moreover, during installation I think that one is 
offered either/or, not both.  (Which is what we were discussing.)  
Jessie may be different.  As I said, I have so far not installed 
Jessie.

Lisi


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/201312092238.12418.lisi.re...@gmail.com

Re: Reporting missing package during install

[Tom H]

On Mon, Dec 9, 2013 at 9:56 AM, Gian Uberto Lauri  wrote:
> Andrei POPESCU writes:
>> On Lu, 09 dec 13, 09:09:11, Gian Uberto Lauri wrote:


>>> What are the benefits of The "Macintosh/Ubuntu" use of sudo? Improved
>>> security? Are you kidding? Whatever the user I compromise I have root
>>> access, just type "sudo bash".
>>
>> sudo doesn't make this worse, just slightly easier. Compromising any
>> user account used for getting root is equivalent to getting root on the
>> system.
>
> sudo makes it a bit worse. Any user account opens the door to the root
> account. Therefore you have to guard a larger perimeter.

You're assuming that everyone has "ALL" as the executable that can be
run via sudo and that sudo is only used to act as root.


>> 2. it's still better than having to require a password every time the
>> user runs 'sudo ', because the net effect would be that most
>> would disable the password completely or just leave a 'sudo -i' session
>> active for ever (and not lock their screen, etc.)
>
> Teach them to use a root session that must be handled with exteme
> care.
>
> I have to do X commands as root? I su root, do the X command and close
> the session.
>
> With the off-the-shelf configuration, the simplest thing to do is sudo
> bash.

You're assuming that everyone has "ALL" as the executable that can be
run via sudo. By default on a Debian system, only the members of the
"sudo" group have unrestricted access to root via sudo.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAOdo=sxh5hc6svhnp6rscxytrriuve9zwosupxz7jgvojvu...@mail.gmail.com

Re: Reporting missing package during install

[Tom H]

On Mon, Dec 9, 2013 at 8:09 AM, Gian Uberto Lauri  wrote:
> Lisi Reisz writes:
>> On Saturday 07 December 2013 21:36:30 Bob Proulx wrote:


>>> If you look back in the mailing list archives you will find a
>>> recent discussion where there were some people who didn't like
>>> sudo. I was shocked by that because I always thought that most
>>> people liked it.
>>
>> Yes, I don't like it and always want a root password. As you say,
>> this is and has been contentious.

Having a password for root and having sudo installed and set up isn't
an either/or proposition.


> sudo has been introduced to give limited root power to a limited set
> of users, something in between using the root password (only the
> admins) and the setuid bit (all those that could run a program).

sudo isn't simply to switch to root and sudo isn't simply to switch to
another user. We have 6 or 7 more developers than sysadmins and the
developers have thousands of sudo rules with only some with access to
root (only to install their packages and only in certain teams).

I've never seen it done but you can also change the default runas user
for sudo for it not to be root, using the "runas_default" option.


> If some users needed to have the root power for a small set of
> operation, then sudo would give them that extact power, no more no
> less.
>
> What are the benefits of The "Macintosh/Ubuntu" use of sudo? Improved
> security? Are you kidding? Whatever the user I compromise I have root
> access, just type "sudo bash".

You seem to assume that everyone has "ALL" as the executable that can
be run via sudo. In OS X and Ubuntu (and in Fedora if you don't don't
opt-in in anaconda to set a root password) the first user is
considered an "administrator" and is set up to have access to sudo.
For any further user, the default is for him/her not to be an
administrator.


> Furthermore the sudo habit of keeping valid an authentication for a
> certain amount of time seems like an open door for malicious code
> injection.

You can use the "timestamp_timeout" option to set this to zero.

Is your malicious code injection scenario that a person or a program
is watching for you to use sudo so as to abuse this timeout? I'd say
that you have a bigger problem if a cracker already has that full an
access to your system.


> And if this not enough, sudo may become disruptive on machines with
> several users, unless all of them have the required skills (included
> the one of stopping and asking advice!) and common administration
> policies are accepted by all.

What's the difference between giving some of those users access to
root and giving those same ones sudo access to root?


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAOdo=Syt=fbmsrxdi+wsdqhpr7ob1jh9rewhiwc6rauu8nm...@mail.gmail.com

Re: Reporting missing package during install

[Ralf Mardorf]

On Mon, 2013-12-09 at 18:13 +0100, Gian Uberto Lauri wrote:
> Think about this scenario: someone devises a clever way to slip a
> Trojan in a user account.

Than the trojan has got user privileges only. If it's a key logger it
can read what password you type for sudo, but also what you type for su.

User 1000 who has got cow powers when using sudo, does not have the cow
powers without running sudo.

It doesn't matter if you set-up and use sudo, su or sudo and su.
Security is a combination of actions to be taken.

I know they hack servers, but was the Linux home PC of anybody on this
list ever hacked?



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1386610474.14806.166.camel@archlinux

Re: Reporting missing package during install

[Gian Uberto Lauri]

Andrei POPESCU writes:
 > On Lu, 09 dec 13, 10:56:22, Gian Uberto Lauri wrote:
 > > 
 > > sudo makes it a bit worse. Any user account opens the door to the root
 > > account. Therefore you have to guard a larger perimeter.
 >  
 > Could you please elaborate on this? In Debian's default configuration 
 > this is simply not true.

In Debian default configuration you have 2 critical accounts instead
of one.

Think about this scenario: someone devises a clever way to slip a
Trojan in a user account. 

Most of  the people  is at leas  slightly less  security-paranoid when
using their own account than they are with the root one. 

The Trojan could exploit sudo to gain access to the root account by
exploiting this lack of attention. Therefore you have to be paranoid
with TWO accounts. Or use a non sudo-capable account for ordinary work
and a sudo-capable one for administrative task. 

And we are back with two accounts, but with 3 homes :)

 > >  > > Furthermore the  sudo habit of  keeping valid an authentication  for a
 > >  > > certain amount  of time  seems like  an open  door for  malicious code
 > >  > > injection.
 > >  > 
 > >  > 1. this can be turned off
 > > 
 > > It should by default, or the configuration should be more flexible and
 > > interactive.
 > > 
 > > Even rewriting the configuration-file-handling-code in sudo could be a
 > > good idea :>.
 > 
 > Huh?

sudo configuration is a bit clunky, not plain and intuitive.

 > You are of course 
 > aware that you can configure sudo to only allow specific commands, 
 > right?
 
And this is what sudo is for: grant the minimum required power.

Default configuration should be: sudo grants nothing to nobody, the
sysadmin should add what required.

This (ab)use of sudo makes good practices less evident.

 > > I have to do X commands as root? I su root, do the X command and close
 > > the session.

Sorry for the poor wording, I am all but an English native speaker.
I meant the "root shell started with su" when I wrote "session".

I understand that "session" is very easily misunderstood as "X11
session", my wording error.

 > > 
 > > With the off-the-shelf configuration, the simplest thing to do is sudo
 > > bash.
 > 
 > Sorry, but I can't see the connection between those two. 

Tell me what changes between 'su -' and 'sudo bash'. Despite the
password you must type.

 > Besides, 
 > logging in as root under X is a big no-no, there are much safer ways to 
 > run X programs as root (though I don't remember the last time I needed 
 > to do this).

I am not logging on with X running! I ALWAYS start X from the shell,
that's after all the times I seen X11 crashing immediately under xdm...

The bug that allowed anybody to peek your keyboard should be
gone from a long time ago, nevertheless there are options to prevent
these when you initially enter the root password in a terminal.

Doing su or sudo in a terminal is equally risky.

 > > Mine talk about a group with a sysadmin where having "all this
 > > freedom" to sudo lead to a waste and misallocation of resources that
 > > took some *months* to fix.
 > > 
 > > Yes, policies should have prevented this, but this use of sudo leads
 > > users to feel less "the danger" that lies beneath using administrative
 > > privileges in a system. It's a psychological barrier that you should
 > > not underestimate.
 > 
 > The default configuration doesn't grant privileges to anyone. The 
 > sysadmin is responsible for granting additional privileges only to 
 > properly trained/responsible/etc. persons.

True. It was a case of people doing cut'n'paste of the line, sudo
standard configuration is not to blame.

-- 
 /\   ___Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_   African word
  //--\| | \|  |   Integralista GNUslamicomeaning "I can
\/ coltivatore diretto di software   not install
 già sistemista a tempo (altrui) perso...Debian"

Warning: gnome-config-daemon considered more dangerous than GOTO


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/21157.64035.378332.381...@mail.eng.it

Re: Reporting missing package during install

[Andrei POPESCU]

On Lu, 09 dec 13, 10:56:22, Gian Uberto Lauri wrote:
> 
> sudo makes it a bit worse. Any user account opens the door to the root
> account. Therefore you have to guard a larger perimeter.
 
Could you please elaborate on this? In Debian's default configuration 
this is simply not true.

>  > > Furthermore the  sudo habit of  keeping valid an authentication  for a
>  > > certain amount  of time  seems like  an open  door for  malicious code
>  > > injection.
>  > 
>  > 1. this can be turned off
> 
> It should by default, or the configuration should be more flexible and
> interactive.
> 
> Even rewriting the configuration-file-handling-code in sudo could be a
> good idea :>.

Huh?
 
>  > 2. it's still better than having to require a password every time the 
>  > user runs 'sudo ', because the net effect would be that most 
>  > would disable the password completely or just leave a 'sudo -i' session 
>  > active for ever (and not lock their screen, etc.)
> 
> Teach them to use a root session that must be handled with exteme
> care.

I'd rather they work as they own user all the time and just preface with 
'sudo' the occasional command that really needs it. You are of course 
aware that you can configure sudo to only allow specific commands, 
right?

> I have to do X commands as root? I su root, do the X command and close
> the session.
> 
> With the off-the-shelf configuration, the simplest thing to do is sudo
> bash.

Sorry, but I can't see the connection between those two. Besides, 
logging in as root under X is a big no-no, there are much safer ways to 
run X programs as root (though I don't remember the last time I needed 
to do this).

> Mine talk about a group with a sysadmin where having "all this
> freedom" to sudo lead to a waste and misallocation of resources that
> took some *months* to fix.
> 
> Yes, policies should have prevented this, but this use of sudo leads
> users to feel less "the danger" that lies beneath using administrative
> privileges in a system. It's a psychological barrier that you should
> not underestimate.

The default configuration doesn't grant privileges to anyone. The 
sysadmin is responsible for granting additional privileges only to 
properly trained/responsible/etc. persons.

If a trainee cook cuts his (or someone else's) fingers you don't blame 
the knife (or make them use blunt knifes instead).

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
http://nuvreauspam.ro/gpg-transition.txt


signature.asc
Description: Digital signature

Re: Reporting missing package during install

[Nemeth Gyorgy]

2013-12-09 14:43 keltezéssel, Gian Uberto Lauri írta:
>  > This is not true. Only the user account which is in /etc/sudoers can use
>  > the sudo command. In Debian default it acutally means the members of the
>  > sudo group. 
> 
> AFAIK it means "those listed in /etc/sudoers", according to the
> behaviour of the wheezy installation I am, using right now.
> 
> Reducing  the full  root  access "any"  to "any  one  included in  the
> /etc/sudoer" file either does not  improve the situation or makes sudo
> non-necessary.

It improves.

> 
> /etc/sudoer should start "empty".

By default it is empty. It contains only the 'sudo' group which group is
empty.


-- 
--- Friczy ---
'Death is not a bug, it's a feature'


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52a5d4d0.7070...@freemail.hu

Re: Reporting missing package during install

[Gian Uberto Lauri]

John Hasler writes:
 > Gian Uberto Lauri writes:
 > > sudo makes it a bit worse. Any user account opens the door to the root
 > > account. Therefore you have to guard a larger perimeter.
 > 
 > Ubuntu grants sudo privileges only to the first user account created.
 > As there is no root account, there is just one account with root
 > privileges.

Ubuntu does it the wrong way, as Mac OS does. This does not improve
security, just leaves some more door open.

-- 
 /\   ___Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_   African word
  //--\| | \|  |   Integralista GNUslamicomeaning "I can
\/ coltivatore diretto di software   not install
 già sistemista a tempo (altrui) perso...Debian"

Warning: gnome-config-daemon considered more dangerous than GOTO


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/21157.51526.241678.165...@mail.eng.it

Re: Reporting missing package during install

[Gian Uberto Lauri]

Nemeth Gyorgy writes:
 > 2013-12-09 10:56 keltezéssel, Gian Uberto Lauri írta:
 > > sudo makes it a bit worse. Any user account opens the door to the root
 > > account. Therefore you have to guard a larger perimeter.
 > 
 > This is not true. Only the user account which is in /etc/sudoers can use
 > the sudo command. In Debian default it acutally means the members of the
 > sudo group. 

AFAIK it means "those listed in /etc/sudoers", according to the
behaviour of the wheezy installation I am, using right now.

Reducing  the full  root  access "any"  to "any  one  included in  the
/etc/sudoer" file either does not  improve the situation or makes sudo
non-necessary.

/etc/sudoer should start "empty".

-- 
 /\   ___Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_   African word
  //--\| | \|  |   Integralista GNUslamicomeaning "I can
\/ coltivatore diretto di software   not install
 già sistemista a tempo (altrui) perso...Debian"

Warning: gnome-config-daemon considered more dangerous than GOTO


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/21157.51449.377862.220...@mail.eng.it

Re: Reporting missing package during install

[John Hasler]

Gian Uberto Lauri writes:
> sudo makes it a bit worse. Any user account opens the door to the root
> account. Therefore you have to guard a larger perimeter.

Ubuntu grants sudo privileges only to the first user account created.
As there is no root account, there is just one account with root
privileges.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87vbyyjgz5@thumper.dhh.gt.org

Re: Reporting missing package during install

[Nemeth Gyorgy]

2013-12-09 10:56 keltezéssel, Gian Uberto Lauri írta:
> sudo makes it a bit worse. Any user account opens the door to the root
> account. Therefore you have to guard a larger perimeter.

This is not true. Only the user account which is in /etc/sudoers can use
the sudo command. In Debian default it acutally means the members of the
sudo group. It is up to the root user to decide who will be the member.


-- 
--- Friczy ---
'Death is not a bug, it's a feature'


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52a5c308.2010...@freemail.hu

Re: Reporting missing package during install

[Gian Uberto Lauri]

Andrei POPESCU writes:
 > On Lu, 09 dec 13, 09:09:11, Gian Uberto Lauri wrote:
 > > 
 > > What are the benefits of The "Macintosh/Ubuntu" use of sudo? Improved
 > > security? Are you kidding? Whatever the user I compromise I have root
 > > access, just type "sudo bash".
 >  
 > sudo doesn't make this worse, just slightly easier. Compromising any 
 > user account used for getting root is equivalent to getting root on the 
 > system.

sudo makes it a bit worse. Any user account opens the door to the root
account. Therefore you have to guard a larger perimeter.

 > > Furthermore the  sudo habit of  keeping valid an authentication  for a
 > > certain amount  of time  seems like  an open  door for  malicious code
 > > injection.
 > 
 > 1. this can be turned off

It should by default, or the configuration should be more flexible and
interactive.

Even rewriting the configuration-file-handling-code in sudo could be a
good idea :>.

 > 2. it's still better than having to require a password every time the 
 > user runs 'sudo ', because the net effect would be that most 
 > would disable the password completely or just leave a 'sudo -i' session 
 > active for ever (and not lock their screen, etc.)

Teach them to use a root session that must be handled with exteme
care.

I have to do X commands as root? I su root, do the X command and close
the session.

With the off-the-shelf configuration, the simplest thing to do is sudo
bash.

(BTW, I work with a root-dedicated terminal with proper "scary" icon and
color theme to remind me that it's a "dangerous" environment).

 > > And if  this not enough, sudo  may become disruptive on  machines with
 > > several users, unless  all of them have the  required skills (included
 > > the  one of  stopping and  asking advice!)  and common  administration
 > > policies are accepted by all.
 > 
 > Sorry, but I don't think it's fair to blame 'sudo' for the fact that the 
 > system administrator granted sudo privileges to the wrong users. You 
 > can't solve social problems by technical means.

I blame the default configuration sudo is shiwpped with.

Andrei, I never walked in your shoes  so I can't do assumption on your
experiences.

Mine talk about a group with a sysadmin where having "all this
freedom" to sudo lead to a waste and misallocation of resources that
took some *months* to fix.

Yes, policies should have prevented this, but this use of sudo leads
users to feel less "the danger" that lies beneath using administrative
privileges in a system. It's a psychological barrier that you should
not underestimate.

-- 
 /\   ___Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_   African word
  //--\| | \|  |   Integralista GNUslamicomeaning "I can
\/ coltivatore diretto di software   not install
 già sistemista a tempo (altrui) perso...Debian"

Warning: gnome-config-daemon considered more dangerous than GOTO


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/21157.37830.879558.114...@mail.eng.it

Re: Reporting missing package during install

[Andrei POPESCU]

On Lu, 09 dec 13, 09:09:11, Gian Uberto Lauri wrote:
> 
> What are the benefits of The "Macintosh/Ubuntu" use of sudo? Improved
> security? Are you kidding? Whatever the user I compromise I have root
> access, just type "sudo bash".
 
sudo doesn't make this worse, just slightly easier. Compromising any 
user account used for getting root is equivalent to getting root on the 
system.

> Furthermore the  sudo habit of  keeping valid an authentication  for a
> certain amount  of time  seems like  an open  door for  malicious code
> injection.

1. this can be turned off
2. it's still better than having to require a password every time the 
user runs 'sudo ', because the net effect would be that most 
would disable the password completely or just leave a 'sudo -i' session 
active for ever (and not lock their screen, etc.)

> And if  this not enough, sudo  may become disruptive on  machines with
> several users, unless  all of them have the  required skills (included
> the  one of  stopping and  asking advice!)  and common  administration
> policies are accepted by all.

Sorry, but I don't think it's fair to blame 'sudo' for the fact that the 
system administrator granted sudo privileges to the wrong users. You 
can't solve social problems by technical means.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
http://nuvreauspam.ro/gpg-transition.txt


signature.asc
Description: Digital signature

Re: Reporting missing package during install

[Gian Uberto Lauri]

Lisi Reisz writes:
 > On Saturday 07 December 2013 21:36:30 Bob Proulx wrote:
 > > If you look back in the mailing list archives you will find a
 > > recent discussion where there were some people who didn't like
 > > sudo.  I was shocked by that because I always thought that most
 > > people liked it.
 > 
 > Yes, I don't like it and always want a root password.  As you say, 
 > this is and has been contentious.

My €0.02 to the debate.

sudo has been  introduced to give limited root power  to a limited set
of  users, something  in between  using  the root  password (only  the
admins) and the setuid bit (all those that could run a program).

If  some users  needed to  have  the root  power  for a  small set  of
operation, then  sudo would give  them that  extact power, no  more no
less.

What are the benefits of The "Macintosh/Ubuntu" use of sudo? Improved
security? Are you kidding? Whatever the user I compromise I have root
access, just type "sudo bash".

Furthermore the  sudo habit of  keeping valid an authentication  for a
certain amount  of time  seems like  an open  door for  malicious code
injection.

And if  this not enough, sudo  may become disruptive on  machines with
several users, unless  all of them have the  required skills (included
the  one of  stopping and  asking advice!)  and common  administration
policies are accepted by all.

-- 
 /\   ___Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_   African word
  //--\| | \|  |   Integralista GNUslamicomeaning "I can
\/ coltivatore diretto di software   not install
 già sistemista a tempo (altrui) perso...Debian"

Warning: gnome-config-daemon considered more dangerous than GOTO


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/21157.31399.63135.88...@mail.eng.it

Re: Reporting missing package during install

[Neal Murphy]

On Sunday, December 08, 2013 07:27:41 PM Andrei POPESCU wrote:
> On Du, 08 dec 13, 19:14:49, Neal Murphy wrote:
> > For me, I usually set up 'sudo su'
> 
> sudo has the '-s' and '-i' switches, why mix with 'su'?
> 
> Kind regards,
> Andrei

'sudo su' rolls off the fingers easier.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/201312082109.53194.neal.p.mur...@alum.wpi.edu

Re: Reporting missing package during install

[Andrei POPESCU]

On Du, 08 dec 13, 19:14:49, Neal Murphy wrote:
> 
> For me, I usually set up 'sudo su' 

sudo has the '-s' and '-i' switches, why mix with 'su'?

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
http://nuvreauspam.ro/gpg-transition.txt


signature.asc
Description: Digital signature

Re: Reporting missing package during install

[Neal Murphy]

On Sunday, December 08, 2013 07:01:50 PM Lisi Reisz wrote:
> On Saturday 07 December 2013 21:36:30 Bob Proulx wrote:
> > If you look back in the mailing list archives you will find a
> > recent discussion where there were some people who didn't like
> > sudo.  I was shocked by that because I always thought that most
> > people liked it.
> 
> Yes, I don't like it and always want a root password.  As you say,
> this is and has been contentious.  I personally am better having to
> use a different password in order to do admin tasks.  I am just too
> accident prone to use the same password for everything.  And if I am
> going to set up a separate administrator, that administrator might as
> well be root.
> 
> I am the only user on my box, which I think is relevant.  And my
> husband actively doesn't want to be able to mess up his system.  My
> granddaughter felt the same.  My husband has explicitly asked me not
> to tell him his root password.
> 
> Horses for courses?  "I may not agree with what you say, but I will
> fight to the death for your right to say it."

Quite sensible. In your circumstances.

For me, I usually set up 'sudo su' to become root without password on my 
desktop because I am always becoming root for one reason or another (to run my 
kvm-go script that starts KVM sessions, to clean up my smoothwall builds, to 
allow the smoothwall build system to become root as needed, etc.) On other 
systems, I usually use 'su' and enter the root password.

System flexibility is the key to enabling people to work how they need to.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/201312081914.49760.neal.p.mur...@alum.wpi.edu

Re: Reporting missing package during install

[Lisi Reisz]

On Saturday 07 December 2013 21:36:30 Bob Proulx wrote:
> If you look back in the mailing list archives you will find a
> recent discussion where there were some people who didn't like
> sudo.  I was shocked by that because I always thought that most
> people liked it.

Yes, I don't like it and always want a root password.  As you say, 
this is and has been contentious.  I personally am better having to 
use a different password in order to do admin tasks.  I am just too 
accident prone to use the same password for everything.  And if I am 
going to set up a separate administrator, that administrator might as 
well be root.

I am the only user on my box, which I think is relevant.  And my 
husband actively doesn't want to be able to mess up his system.  My 
granddaughter felt the same.  My husband has explicitly asked me not 
to tell him his root password.

Horses for courses?  "I may not agree with what you say, but I will 
fight to the death for your right to say it."

Lisi


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/201312090001.50206.lisi.re...@gmail.com

Re: Reporting missing package during install

[Bob Proulx]

Andrei POPESCU wrote:
> Troy Engel wrote:
> > Hi all - which package do you report against for a missing package during
> > install? debian-installer? user-setup? The jessie .iso 2013-12-07 netinst
> > using only groups "SSH Server" and "Standard Tools" failed to install sudo.
> > The sudo group is in /etc/group just no package -- I tested the latest
> > wheezy .iso netinst install and it was there as expected so I think it's a
> > jessie regression... (or was this on purpose?)

It is on purpose.  It is not a regression since previous versions also
behaved the same.

> $ apt-cache show sudo | grep Priority
> Priority: optional
> 
> As far as I know sudo will get installed if you choose to not set up a 
> root password, because then it will be needed for admin tasks.

Correct.

> > wheezy .iso netinst install and it was there as expected so I think it's a
> > jessie regression... (or was this on purpose?)

As Andrei says, this is intentional.  The Jessie installer is also the
same as Squeeze 6 and Wheezy 7.  Sudo is an optional component.  If
during the installation you do not set a root password then the
installer will install sudo and set up the non-root user for sudo.
This is explained in some detail in this message:

  http://lists.debian.org/debian-user/2013/10/msg01670.html

If you look back in the mailing list archives you will find a recent
discussion where there were some people who didn't like sudo.  I was
shocked by that because I always thought that most people liked it.
And certainly if you didn't like it then you are not forced to use it.
I think the people who disliked it just misunderstood it. :-)

I think previously if the installer installed sudo for you then during
the installation you chose not to set a root password.  Then sudo was
installed and your user was set up for sudo automatically.

If I had my wishes then I would have sudo set up by default for the
first user even if a root password was set.  But that would be a
change in behavior from previous installers and so might trip someone
up.  Changing long standing behavior is not something that ever makes
everyone happy and should only be done cautiously.

Bob


signature.asc
Description: Digital signature

Re: Reporting missing package during install

[Andrei POPESCU]

On Sb, 07 dec 13, 11:17:58, Troy Engel wrote:
> Hi all - which package do you report against for a missing package during
> install? debian-installer? user-setup? The jessie .iso 2013-12-07 netinst
> using only groups "SSH Server" and "Standard Tools" failed to install sudo.
> The sudo group is in /etc/group just no package -- I tested the latest
> wheezy .iso netinst install and it was there as expected so I think it's a
> jessie regression... (or was this on purpose?)

$ apt-cache show sudo | grep Priority
Priority: optional

As far as I know sudo will get installed if you choose to not set up a 
root password, because then it will be needed for admin tasks.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
http://nuvreauspam.ro/gpg-transition.txt


signature.asc
Description: Digital signature