Easy to use/install (was Re: [Novalug] Community contribution)
DonJr
djr1952@hotpop.com
Wed Jan 23 15:41:06 EST 2008
On Wed, 2008-01-23 at 10:16 -0500, Megan Larko wrote:
> DonJr wrote:
>
> Hello Don,
Hello
> > On Tue, 2008-01-22 at 08:30 -0800, Beartooth wrote:
> >> On Tue, 22 Jan 2008, greg pryzby wrote:
> >>
>
> <SNIP--megan>
> >
> > <SNIP>
> >
> >> Apart from that, however, if you don't mind retyping your
> >> password every time you turn around (a/o you've used Megan's
> >> blessed trick of giving it a root password so you can keep a root
> >> tab handy on your terminal), I have to admit it *has* been easy.
> >
> > Are the other simple choice to the file /etc/sudoers add or adjust the
> > following entry:
> > # Members of the admin group may gain root privileges
> > %admin ALL=(ALL) NOPASSWD: ALL
> >
> > Add the "NOPASSWD:" part to the entry.
> > And make sure that your normal userid is a member of the group admin.
>
> Cool Don! I had not thought of doing that. I also don't think that I
> would have entered the line correctly either. Like Beartooth, I hated
> having to sudo for my sysadmin stuff. Moreover, sometimes even with
> sudo, I could not do that which I wanted to do. For some reason I
> still received a "permission denied" error message. All of that went
> away when I created a genuine root user. My concern about the above
> is security. Please see comment below.
This is why I like the 'sudo -i' it gives you a root prompt must the
same as "su -" use to do on older systems.
> >
> > The GUI type application will no longer ask you for your password and
> > when using 'sudo' from the command line it won't either.
> >
> > And the easiest and most simplest way to open a root shell is:
> > sudo -i
> > in a terminal.
>
> My security concern is that the above may be too easy. I do not allow
> direct root login to my systems (other than "rescue" or "emergency"
> boot). I have a user or users who have permission to escalate to root.
The above still requires that the user is a member of the "admin" group.
> Even then, I leave it such that the root password must be entered. I
> maybe behaving in a slightly paranoid manner here, but the systems
> belong to that of my company. I prefer to give a little more security
> especially when it is easy to do so.
Without the "nopasswd:" addition the "sudo -i" still works and the
password the user is required to remember is there own.
The only three main difference between a "root login" and "sudo -i" are:
1 - The user must first login as there normal userID,
one with admin level privlages.
2 - with sudo the user is required to only know there own password
{by default}
3 - By default after 15 minutes sudo will require to reenter your
password. {by default}
With a properly configure pam everything else is the same.
> >
> > NONE of my Ubuntu based systems currently have the "root user" password
> > set and yet I open a root prompt as needed and never get asked for a
> > password.
> >
> > BTW
> > Using the "Xubuntu Expert" version of the installer it asked me if I
> > wanted to SET the "root password" and IF I wanted to enable X logins as
> > the root user.
>
> Good to know. I haven't tried that yet either.
>
> <SNIP megan>
>
> Thanks Don!
More information about the Novalug
mailing list