D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Security Thoughts


On 30/03/17 18:21, Neil via list wrote:
> On 30/03/17 13:10, Brad Rogers via list wrote:
>> On Thu, 30 Mar 2017 12:24:20 +0100
>> Neil via list <list@xxxxxxxxxxxxx> wrote:
>> Hello Neil,
>>> possible/easy to set one password to log on and another one to use with
>>> sudo? And secondly, if so, is it a good idea?
>> Not with one user.  Martin suggests a method that works, but you need to
>> change user to perform any admin;  Switch to admin user, then perform
>> admin tasks.  That requires logging into a second account, then issuing
>> an "sudo....blah, blah".  Multi-staging like that gets old pretty
>> quickly.  Kind of negates the whole point of sudo, which is to give
>> users limited, short-term, access to privileged commands.
> Yes, I see that. Obviously I have been using the one user plus sudo
> system for years. I suppose if I change the root password it will
> automatically change the log on password too.
> Neil
I'm not sure when it happened, but it became <debuntu> policy not to set
the root password. In Gentoo (for example) you have to explicitly
install the 'sudo' package, so they do expect you to set a root
password, although I don't normally. I've also had to add packages for
'kdesudo' (for KDE packages which need elevated privileges) or 'gksudo'
(for gnome-based apps). You don't use 'sudo' if there's a root password
set, you can just use 'su' (instead of prompting for the user password,
you enter the root password). You may wish to check/change your
/etc/sudoers and /etc/sudoers.d config files to relinquish control (see
man pages) for normal users. You can also check whether your users are
members of the 'sudoers' or 'wheel' group, which also 'allow' you to use
the sudo command. Any failed use of the commands, are always logged to
the syslog.
**[You as in the royal 'one', as in the royal 'we']



Attachment: signature.asc
Description: OpenPGP digital signature

The Mailing List for the Devon & Cornwall LUG
FAQ: http://www.dcglug.org.uk/listfaq