sudo again?
|
| Author | Content |
|---|---|
| azerthoth Apr 24, 2010 2:31 PM EDT |
Quoting: 8. Root privileges sudo is not root. In some distros it can be proved that sudo does not even update the operating environment properly when invoked, it just gets you read/write root perms. If you want to teach root access, use the standard and not the exception ... su . |
| jdixon Apr 24, 2010 2:59 PM EDT |
Not all distros set up sudo access for their users. On those distros, trying to use sudo won't work at all. |
| djohnston Apr 24, 2010 3:09 PM EDT |
The author is evidently another pundit who thinks Ubuntu IS Linux. |
| techiem2 Apr 24, 2010 3:23 PM EDT |
As I recall Gentoo doesn't even install sudo automatically. I believe I've had to install it myself on the machines I've wanted to use it for something on. Then of course I have to configure it to work how I want. |
| gus3 Apr 24, 2010 5:07 PM EDT |
Slackware installs sudo, but doesn't configure it with any privileges.Quoting:If you want to teach root access, use the standard and not the exception ... su.And not all distros set up root with a password. If I need to do a series of tasks as root, and "sudo" is the preferred method of privilege elevation, I just do "sudo bash" and proceed. |
| azerthoth Apr 24, 2010 7:17 PM EDT |
gus, sudo is not the standard method of escalation , sorry to break it to you. That there are a smattering of distro's that have adopted this method still makes it the exception and not the rule. @tech, Gentoo is one that requires sudo to be explicitly installed. It is also one of the ones that I mentioned does not update the environment properly without an additional and little known configuration tweak. |
| caitlyn Apr 24, 2010 7:18 PM EDT |
Quoting:Not all distros set up sudo access for their users. On those distros, trying to use sudo won't work at all. You mean they won't work until you edit the sudoers file with visudo. Then sudo will work with any Linux distro. I have yet to find something that won't work with sudo -s or sudo bash. |
| herzeleid Apr 24, 2010 7:24 PM EDT |
Well, but sudo is the standard linux mechanism for granting permissions. Every distro I've ever used in a serious production environment came with sudo configured, out of the box. Of course, we configure it further... We disable root logins entirely and use sudo to ensure that all superuser actions are logged, so that we know exactly who did exactly what, exactly when. We also use it to grant non-superuser permissions. OTOH su is too coarse grained, and it requires that you give out the root password. With sudo, none of the admins need know the root password, only their own. |
| jdixon Apr 24, 2010 8:36 PM EDT |
> You mean they won't work until you edit the sudoers file with visudo. If you're expecting to use sudo, and it's not configured, chances are you don't have any way to run visudo either. |
| gus3 Apr 24, 2010 9:16 PM EDT |
Quoting:gus, sudo is not the standard method of escalationI didn't say "standard." I said "preferred." That is, preferred by the distro architect(s). Remember AST's quip about standards, and having so many to choose from. |
| Steven_Rosenber Apr 25, 2010 12:33 AM EDT |
In NetBSD and FreeBSD, the base installs are very minimalist and don't include sudo. I'm pretty sure OpenBSD includes sudo in base. Nobody's mentioned that Debian doesn't include sudo by default. I always install and use sudo. |
| caitlyn Apr 25, 2010 12:18 PM EDT |
Quoting:If you're expecting to use sudo, and it's not configured, chances are you don't have any way to run visudo either. Are you assuming that Linux users are too ignorant to know: su - -c visudo or even just su - to get to a root shell from which they can run visudo? This is one of the first things I do with a Slackware based distro. Yes, I know, newcomers to Linux won't know su. They won't know sudo either. |
| jdixon Apr 25, 2010 1:04 PM EDT |
> Are you assuming that Linux users are too ignorant to know: I'm assuming that if they're expecting to run sudo they probably don't know the root password. > Yes, I know, newcomers to Linux won't know su. They won't know sudo either. Which was the point of the original comment. Assuming sudo is available is not a good idea. |
| krisum Apr 25, 2010 11:38 PM EDT |
> I'm assuming that if they're expecting to run sudo they probably don't know the root password. Why would users be expecting to run sudo if it is not already configured? Of course, if neither sudo is setup nor they know the root password then they cannot run commands with root privileges at all. > Assuming sudo is available is not a good idea. As mentioned earlier in the thread, assuming that su is available is also not valid. The article should have mentioned both and that it depends on the distro. |
| caitlyn Apr 25, 2010 11:52 PM EDT |
Quoting:As mentioned earlier in the thread, assuming that su is available is also not valid. The article should have mentioned both and that it depends on the distro. Exactly. |
| azerthoth Apr 26, 2010 12:22 AM EDT |
krisum you bring a good point, can we list distros that sudo (no root password) by default that is not *buntu (connecting to ubuntu repos make it ubuntu for all functional purposes)? I'll even start: 1: OLPC |
| chalbersma Apr 26, 2010 1:17 AM EDT |
@azerthoth 2: DSL 3: TRK |
| jdixon Apr 26, 2010 5:26 AM EDT |
> Why would users be expecting to run sudo if it is not already configured? Because someone came up with a list of best Linux commands and included it? > ...if neither sudo is setup nor they know the root password then they cannot run commands with root privileges at all. Correct. > The article should have mentioned both and that it depends on the distro. What Caitlyn said. :) |
| gus3 Apr 26, 2010 9:11 AM EDT |
4. 64Studio (which IIRC is switching from Ubuntu to Debian with the next release) |
| azerthoth Apr 26, 2010 10:38 AM EDT |
3 entries, only 1 addition. DSL is DOA and is no longer in development, 64studio is *buntu ... what happens in the future stays in the future. So we have a whopping 3 that sudo, *buntu, OLPC, and Tiny Rescue Kit, so far. |
| herzeleid Apr 26, 2010 1:45 PM EDT |
As enterprise distros, RHEL and SLES ship with sudo by default - they would be a bad joke if they didn't. We use SLES and don't provide the root password to SAs. |
| Steven_Rosenber Apr 26, 2010 2:06 PM EDT |
I find it easier to use sudo rather than su to root and then exiting the root shell. In a production-server environment, sudo is essential. I always go back to the way Michael Lucas explains all you can and should do with sudo in "Absolute OpenBSD." I hope he repeats that information in "Absolute FreeBSD," but since one is woefully out of date and the other slightly out of date - and both out of print, I'll just say that smart admins know how to wield sudo to allow for extremely fine-grained permissions with multiple users across multiple systems. |
| azerthoth Apr 26, 2010 6:29 PM EDT |
@herz, kind of looking for ships with sudo instead of su as the default upon installation. My RHEL systems at work do not use sudo for any maintenance, mind you exactly 2 people have access, and only I am the only *nix literate user. @herz&steven, what is done after the fact, and I agree a savy admin can use sudo with precision, is not the point at the moment. As of now, we have garnered 3 distro's that have subsumed root into sudo, *buntu, olpc, and trk. This is hardly a resounding affirmation of most common practice. |
| Steven_Rosenber Apr 26, 2010 6:38 PM EDT |
Don't forget OpenBSD. Would a system aimed at greater security ship something that was opposed to that goal? |
| gus3 Apr 26, 2010 7:26 PM EDT |
Quoting:Don't forget OpenBSD. Would a system aimed at greater security ship something that was opposed to that goal?Well, that's all fine and good, until you install anything from Ports. Which, if you want a usable system, you'll have to. |
| Steven_Rosenber Apr 26, 2010 7:29 PM EDT |
I had a full OpenBSD desktop system with Xfce, and the only things I had to bring in from ports were Opera, which is basically a link to the Linux binary, Flash for Opera, also a link to a binary, and the ultra-painful Java, which was a port, required many manual downloads, hours of compiling and inevitable failures. Other than Java, I was able to get everything I needed from packages. |
| hkwint Apr 26, 2010 7:34 PM EDT |
Quoting:sudo is not root. What's all the fuzz about? The article doesn't say so in the text you quoted it seems to me. It says 'root privileges', which is about thte same as root read / write perms. To 'change environment' sudo has nice options such as '-H'. Apart from that, EBNF is fun. |
Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]
Becoming a member of LXer is easy and free. Join Us!