[Wolves] More Ubuntu woes...
sparkes at westmids.biz
Wed Dec 22 21:28:36 GMT 2004
Stuart Langridge wrote:
> If the former, then I'd be very interested to hear why you think that
> the use of sudo is an insecure thing; I don't believe that it is, and
> it's in line with security best practice, so if there's something
> inherently bad about that approach then do please let us know!
it's because once you sudo you run commands as root for the default 10
mins setting (I think this is default anyway) which is probably a bit
long. I use sudo all the while but for one command at a time and think
the default time out is a potential hole.
If you are incrediblly gullable you could be conned into running a silly
command while sudo is still in effect. This would make local exploits
potential root exploits which is why security peeps don't think ubuntu
made the best choice. But the guys working at cannonical are very good
people who have making security choices and the default ubuntu is the
most secure (normal) distro I have ever used out of the box.
That said I can't tell Tim how to change the default sudo settings or
how to add root (but you can sudo /usr/bin/bash (I think) to get a root
shell) because I apt-get dist-upgraded from sid to hoary and did all my
set up months ago while running debian.
> If the latter...then you're wrong :) As I said above, using sudo is in
> line with best practice; logging in as root is, basically, a bad thing,
> and sudo helps avoid that. That's why sudo exists...
yup, hence the fact I use sudo all the while and only log in as root to
fix filesystem errors. Sudo for everyday admin is 100% the best thing
to do. The benefits far, far out weigh the problems.
More information about the Wolves