Re: [LUG] Security Thoughts

To: DC LUG <list@xxxxxxxxxxxxx>, Paul Sutton <zleap@xxxxxxxxx>

Subject: Re: [LUG] Security Thoughts

From: Grant Phillips-Sewell via list <list@xxxxxxxxxxxxx>

Date: Thu, 30 Mar 2017 12:37:03 +0100

Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx

Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dclug.org.uk; s=1475831162; h=Sender:Content-Type:Reply-To:From:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Subject:To:Message-ID:Date:References:In-Reply-To:MIME-Version; bh=7LDdDrmGbQtQMFhduEBmEblvlxLQhkNA3j6rs/+TL9w=; b=2Pw1Lj8dszH1eFo6U0BtFM2gCH/OvleoUK73WmeIM1yegQFL6jQ9eRuzB7EYS61T8xYYBmu0/yv9y7gT7iGAVUaz60enzgu2fDFlhmS7j3bXjfsBT8fQ4Be0hUB5w3h3pw4pvi7aV3Tkg8QoVo6aG8VGTCo5Ud55XQ4lKeLdXjo=;

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=phillips-sewell-co-uk.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=tk0qDzMmL9Q2pnZOwC6nsy3v5P6pQlCIqpI7GMs1rfE=; b=XXjDZ/xXdytvbOc3Lr0N03VoL2KchDZ1dlg/EcLTiTaIG2uZsxbJgtY6/hVU1G/abo ssUQHQVk4SaufQf4Ktc9EiFoItHP06Z1RVEYWRkQSbohOmZHyCcCfrH+CpN74I1+gIj4 HFOSsEOG7xfPmYhUv018HLjBaIDqFCguImTaEOMo55pWCXRna1S768dcLzy5tnOhSkDJ 6exCEVfjIhJhvR8k6oxpblumTWPhccY0A56vk1BisngNw63yI3+E1eq1QF68hvz6ZMhe JBDt8N6u/CDkv6OtQDy8c0G4u7ifqatx7dwtXRXpYHQVHU5zSMjKEYr7uvjhcZMcK/vm Wwdg==

On 30 Mar 2017 9:00 a.m., "Paul Sutton via list" <list@xxxxxxxxxxxxx> wrote:

I don't think ubuntu based distributions use the root / user system,
the first user you create is set to administrator, so basically added to
the sudo(ers) list so you can use sudo.

You can add additional users and set these to normal user accounts and
then have a specific account for administration.

Debian uses the root / user system and you can also add users to the
sudo(ers) list and group to carry out admin tasks by pre-fixing commands
with sudo.

i think the su command may still work, from, a normal account so perhaps
do this,Â I am not sure there is really that much to worry about.

Paul

Ubuntu does still have the root user, but by default it has no password and so can only be used interactively by an "administrative" user account using sudo.

In order to set a password for the root user, try this:

$ sudo passwd root

It is possible to completely remove the root user, and some distros that are designed to be completely locked down have done so. It takes quite a bit of work with setting up extra non-interactive accounts for services that need root access, fiddling with permissions, etc, but it can be done. Ubuntu has not done this.

Grant. :)

References:

[LUG] Security Thoughts
- From: Neil via list
Re: [LUG] Security Thoughts
- From: Paul Sutton via list