Re: [Trisquel-users] sudo make you system less secure
but systemd is backdoor :o
Re: [Trisquel-users] sudo make you system less secure
The check for weak passwords is really basic, and the only actual requirement IIRC is that the password be at least a certain length (either 6 or 8 characters; I'm not sure). My password used to be quite weak before I started using encryption on my home folder.
Re: [Trisquel-users] sudo make you system less secure
(Oh...I didn't know it could be configured not to ask for password. Fair enough, then).
Re: [Trisquel-users] sudo make you system less secure
> sudo make all users to be a root

It depends on how you configure it. The man page of sudoers describes the format of the main configuration file, which is typically /etc/sudoers. You can allow only a few people or everybody to use sudo. It's highly configurable.

You could even disable executing sudo for all users except a group of administrators by clearing (setting to 0) the execute bit of the sudo executable for others but leaving it set for user and group, then assigning the group of the executable to that of the administrators. However, this is more of a hack or additional protection (maybe upgrades would override it, I don't know). You can do the same with a simple line in /etc/sudoers.

Debian by default allows only root and members of group sudo to execute sudo. Here are the relevant lines:

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

Regards.
Re: [Trisquel-users] sudo make you system less secure
sudo-, prefix meaning sweat: sudogram, sudokeratosis, sudorrhe
Re: [Trisquel-users] sudo make you system less secure
The point of sudo su would be to execute multiple commands at once like sudo su -c command-een --anoption command-twee command-drie command-vier command-gangsal since using sudo alone (by omitting su -c from the above example) for that doesn't seem possible.

Anyway, I think the not-accepting-a-weak-password part of Trisquel's installer was present upstream (i.e. it's Ubuntu's feature).
Re: [Trisquel-users] sudo make you system less secure
Anyway I don't see why people are so concerned about the UNIX Philosophy. This ain't UNIX, after all.
Re: [Trisquel-users] sudo make you system less secure
> Hi friend.

hi my friend

> What do you mean by moofed and issuing authority?

sudo make all users to be a root
Re: [Trisquel-users] sudo make you system less secure
That's not true. Sudo is an alternative to logging in as root directly which can be configured to give each user any number of privileges. In that sense, it can be much more secure; you can give each user only permission to do exactly what they need to be able to do, and nothing more. Whereas with logging in as root, you need to give someone all the root permissions, or none. On typical user systems, like Trisquel's default settings, there is only a distinction between admins and non-admins: admins can do everything with sudo, and non-admins can do nothing with sudo. But that's not the most that sudo can do.
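An added example, not part of any post in this thread: a small auditor for /etc/sudoers user specifications of the kind quoted above, separating full-root grants from command-restricted ones and flagging rules that skip the password prompt. It assumes a simplified grammar (one rule per line, no aliases or line continuations); the users backup and deploy and their rules are constructed for illustration.

```python
import re

# Constructed sample: the two Debian default rules quoted in the thread,
# plus two hypothetical rules (users "backup" and "deploy" are made up).
SAMPLE = """\
# User privilege specification
root    ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL
backup  ALL=(root) /usr/bin/rsync
deploy  ALL=(ALL) NOPASSWD: ALL
"""

# who  host = (runas) [TAG: ...] command[, command ...]
SPEC = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>\S+?)\s*=\s*(?:\((?P<runas>[^)]*)\))?\s*(?P<rest>.+)$"
)
TAG = re.compile(r"^([A-Z_]+):\s*")


def audit(text):
    """Return one finding per user specification (simplified grammar)."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and #include lines
        if not line or line.startswith(("Defaults", "@include")) or "_Alias" in line:
            continue
        m = SPEC.match(line)
        if not m:
            continue
        rest, tags = m["rest"], []
        while (t := TAG.match(rest)):  # peel off tags such as NOPASSWD:
            tags.append(t[1])
            rest = rest[t.end():]
        cmds = [c.strip() for c in rest.split(",")]
        findings.append({
            "who": m["who"],
            "group": m["who"].startswith("%"),
            "any_command": "ALL" in cmds,   # full root: any command allowed
            "nopasswd": "NOPASSWD" in tags,  # runs without a password prompt
            "commands": cmds,
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        scope = "ANY COMMAND" if f["any_command"] else ", ".join(f["commands"])
        print(f"{f['who']:8} {scope}{'  [no password]' if f['nopasswd'] else ''}")
```
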
[Trisquel-users] sudo make you system less secure
Sorry, I thought this thing with the moofed root accounts was bad, but I just saw a reference to [sudo su -]. WHAT! That has to be the worst command in the scope of security.

You not only have a root account moofed so that the user has to rely on the security of the sudo command without being able to verify the authentication of the issuing authority other than the configuration of the command and that is sudo.. but now it is added as a layer of switch user (su), which is completely against the UNIX security model of never add any layers to account access. Logic: every layer provides one more place for a security failure..

When I first tested the sudo command by compiling the source in 2006 and found it to violate the UNIX standard security model, I would have never believed that not only would it become something people use.. When you look at commercial organizations which use secure systems you will find that sudo is NEVER a command on those systems, and there is a reason. The keyword here is security.

UNIX and GNU/Linux can be secure, but it can also be unsecure.. all it takes is poor configuration, programming and bad commands to make it so. If people do not want to learn how to keep and use secure systems, use Windows.. or even some device where the root authority is embedded in a chip like a smart phone, so the ISP can get into the system. The security designs are there because they have been working properly for over 40 years; either adhere to proper security or plan on having a security failure.

I do understand that they are trying to make UNIX/Linux administration more user friendly so as to attract more users. And from that point I am all for making systems more friendly. BUT!, Do not make systems friendly by making them less secure.

http://www.sudo.ws/sudo/history.html
Re: [Trisquel-users] sudo make you system less secure
https://lxnay.wordpress.com/2011/09/14/quick-and-dirty-why-sudo-is-bad-for-security/
Re: [Trisquel-users] sudo make you system less secure
Hi friend.

What do you mean by moofed and issuing authority? Bear in mind that sudo doesn't use certificates like SSL/TLS, so there is no issuing authority to speak of, at least as far as I know.

I don't think that sudo su - is intrinsically bad for security. This is one possible use case for sudo. It makes sense in an environment where there is a set of users all of whom are trusted system administrators, and they need to run tasks as root. The downside is that using this command, sudo doesn't by default log every command that the administrator executes, but provided they are all trusted (all administrators are honest and responsible) then there should be no problem. Bear in mind that using sudo su - is no worse than using su - directly.

Other than the above, I can't comment, because I don't really understand what point you are trying to make.

Regards.