[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Security Thoughts

To: list@xxxxxxxxxxxx
Subject: Re: [LUG] Security Thoughts
From: "M. J. Everitt via list" <list@xxxxxxxxxxxxx>
Date: Thu, 30 Mar 2017 18:26:42 +0100
Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dclug.org.uk; s=1475831162; h=Sender:Content-Type:Reply-To:From:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Subject:In-Reply-To:MIME-Version:Date:Message-ID:References:To; bh=3z9JiY8Opmw804RsyvJhW/GSVwIm6IPZr27kCM35kaw=; b=rUmA44S03hVSG5rTUcQot35Frevw1QPbdqgZAZFTMYEOp+msdKbo8wwTIEtgLbsX369LqE2QaJJ+nKEtdXpsNN7+/0SJ6F1JDZbV7UU9HZo5YYbzttgrzHviwrv8lBD989nMV+oY5dKtJS299GN4VIBeYex/qF7uwMxYlooopcI=;
Openpgp: id=BA266E0525CFAB101523351B4C30334F93C22371

On 30/03/17 18:21, Neil via list wrote:
> On 30/03/17 13:10, Brad Rogers via list wrote:
>> On Thu, 30 Mar 2017 12:24:20 +0100
>> Neil via list <list@xxxxxxxxxxxxx> wrote:
>>
>> Hello Neil,
>>
>>> possible/easy to set one password to log on and another one to use with
>>> sudo? And secondly, if so, is it a good idea?
>>
>> Not with one user.  Martin suggests a method that works, but you need to
>> change user to perform any admin;  Switch to admin user, then perform
>> admin tasks.  That requires logging into a second account, then issuing
>> an "sudo....blah, blah".  Multi-staging like that gets old pretty
>> quickly.  Kind of negates the whole point of sudo, which is to give
>> users limited, short-term, access to privileged commands.
>>
>>
>>
> Yes, I see that. Obviously I have been using the one user plus sudo
> system for years. I suppose if I change the root password it will
> automatically change the log on password too.
>
> Neil
>
I'm not sure when it happened, but it became <debuntu> policy not to set
the root password. In Gentoo (for example) you have to explicitly
install the 'sudo' package, so they do expect you to set a root
password, although I don't normally. I've also had to add packages for
'kdesudo' (for KDE packages which need elevated privileges) or 'gksudo'
(for gnome-based apps). You don't use 'sudo' if there's a root password
set, you can just use 'su' (instead of prompting for the user password,
you enter the root password). You may wish to check/change your
/etc/sudoers and /etc/sudoers.d config files to relinquish control (see
man pages) for normal users. You can also check whether your users are
members of the 'sudoers' or 'wheel' group, which also 'allow' you to use
the sudo command. Any failed use of the commands, are always logged to
the syslog.
**[You as in the royal 'one', as in the royal 'we']

HTH, BR,

Michael.

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
The Mailing List for the Devon & Cornwall LUG
https://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq

Follow-up: Re: [LUG] Security Thoughts
- From: Brad Rogers via list

References:
- [LUG] Security Thoughts
  - From: Neil via list
- Re: [LUG] Security Thoughts
  - From: Martin Gautier via list
- Re: [LUG] Security Thoughts
  - From: Paul Sutton via list
- Re: [LUG] Security Thoughts
  - From: Tom via list
- Re: [LUG] Security Thoughts
  - From: Neil via list
- Re: [LUG] Security Thoughts
  - From: Brad Rogers via list
- Re: [LUG] Security Thoughts
  - From: Neil via list

Prev by Date: Re: [LUG] Security Thoughts
Next by Date: Re: [LUG] Security Thoughts
Previous by thread: Re: [LUG] Security Thoughts
Next by thread: Re: [LUG] Security Thoughts
Index(es):
- Date
- Thread