Sudo=Bad Security!

[Xgates]

This sudo thing, it's bad security, someone gets into the user account then they have your box simpler than if there was a root password on it. Having that root password means twice the effort is needed to get root on the box, now with people using Ubuntu only as sudo, all a cracker needs to get is the user account to gain control. Ubuntu needs to let people know about this, and that they can have a root password on the box and run it in a proper more secure way, and not something like this sudo ONLY thing going around thought for the sake of all the windows users, moving over to Linux, trying to make it easier, for the sacrifice in security.

And if the Ubuntu thinking here was to keep people from logging into their box as root then this is not good Unix teaching. RULE 1# is taught in Linux, you don't log in as root, and this needs to be taught in Ubuntu, not just trying to make the box eaiser by just having sudo as default to keep them from root logins, because this is for the sake of all the Windows newbies, wanting to be some wannabe Unix user looking for a easy way out, this not good Unix, or the Unix way, or did someone here forget we are running a Unix based OS.

Yes of course if the noobs log into the box as root by mistake the security is at a greater risk, but then you are suppose to be taught you NEVER login to Linux as root anyway, so what are we doing here, side tracking good thinking that is correct for a simpler way to keep people from doing this all in the name of security when after all the box is more insecure when running as sudo only as well.

Lets get back to the REAL basics, and start teching the newbies the CORRECT way, not by trying to make things easier for them, but educating them, especially when you are compromising the box by doing it when this is not correct.

Teaching never login as root with a REAL box that has a root account, this is the Unix way! I mean PLEASE what are we running Windows here?

You get a TISK TISK for bad thinking --->

[HungSquirrel]

Teaching never login as root with a REAL box that has a root account, this is the Unix way! I mean PLEASE what are we running Windows here?

The sudo method is nowhere near as bad as the Windows method of making all accounts passwordless administrator accounts by default. Heck, with sudo at least you have to put in a password before you do something stupid. Windows should implement something similar in Longhorn where the Administrator should have to input a password every time he does something that could mess up the system (install/remove/configure software/hardware, run Windows Update, etc.). Many of the problems associated with Windows would be less severe if they did what Ubuntu does. So, don't ever compare Ubuntu and Windows; Windows is MUCH worse!

[dabeej]

1. A normal user doesn't have high priv alone. Meaning, they would need to authenticate using sudo to do anything. With root, you don't need anything. Once you have root access, it's pretty much done.

2. You aren't really considering anything in mind other than physical access, look at whole thing and then make assumptions of bad security practices. Seeing how most security attacks are for and against root accounts with weak passwords. This atleast that problem. Also if anyone gains any local access to the box, they can pretty much do anything they want. If they acquire access remotely from the user acount with their password (through a trojan), then the way they did that is most likely the users fault.

3. Read the ubuntu security documentation for more reasoning why they did what they did.

Don't make assumptions. Security is a sensitive field.

[TravisNewman]

There's STILL only one password to crack to get root access
In this case, it's the user's password-- in other cases it's the root password. If you make your password complex, it's just as hard to crack as a root password. So what's the big deal?

Also, sudo prevents you from accidentaly doing something you don't want, OR keeping root sessions open, which are both security issues, even if only security from yourself.

[HungSquirrel]

There's STILL only one password to crack to get root access
In this case, it's the user's password-- in other cases it's the root password.

Well, that depends. For example, it's considered more secure if you disable root logins via FTP, SSH, etc. In remote login scenarios with root logins disabled, having to crack two passwords (user, then root so you can su) makes the system more secure.

Also, sudo prevents you from accidentaly doing something you don't want, OR keeping root sessions open, which are both security issues, even if only security from yourself.

These are my favorite features of sudo. With a sufficiently paranoid timeout, sudo can be quite the system saver!

[nocturn]

1. You should *never* log in as root, even on non-sudo systems, you log in as a user and use su for root.
2. Never, ever send a password over a non-encrypted connection.

Sudo helps for security because it forces the root user to use least privileges when doing stuff, and not leaving logins open.
Condisder this:
$ ./configure; make
$ sudo make install

instead of running the configure and make as root to, it doesn't need it.

Another benefit of sudo is logging. Every sudo command gets logged, so it is easier to find out later if something bad happened.

Do you have any data to back up your claim that a root user is safer then sudo?

[nocturn]

The safest, but less comfortable way IMO is to have a userID you use to sudo from (different from your working ID). When you need to do root stuff, log in with the sudo user and run the commands from there.

[r00t]

Are you suggesting that:

Code:

%admin  ALL=(ALL) NOPASSWD: ALL

isn't safe?

Mark

[wmcbrine]

now with people using Ubuntu only as sudo, all a cracker needs to get is the user account to gain control.

Nope -- they need the password, too. There's a difference: it's possible in some circumstances to get into a user account without knowing the password, but that won't help you if you want to sudo. (Users can't even read the hashed passwords in /etc/shadow; and if they could, they'd still need to crack them.)

By inactivating the root account, Ubuntu removes one obvious target for crackers. Consider: guess root password vs. guess user name AND password. Of course you can disable root logins and achieve a similar effect. But I think the Ubuntu system is a win, overall. It discourages casual use of the root account, which is the biggest security hole in a non-sudo system. And it's not incovenient to use when you do need it.

BTW, for what it's worth, Mac OS X works the same way. (Indeed I'm surprised at how much the two systems have in common. Right down to the little swirly circle "hourglass" in Hoary... but I digress.) Windows is quite different, and trying to run it securely is kind of a pain.

[s0c0]

Meh, it's not a big deal. If you are worried than just do a sudo passwd root and start using your root account. That's what I've done since I perfer the more traditional way.

Secondly, I don't think the Ubuntu distribution is meant to be a production server. Sure I use it for my web server and a few other things, but I doubt I would ever setup a Ubuntu server for a client. Ubuntu comes with too much crap on it's default install (but thats great for end-users). Thats what Slackware and BSD are for.