[GRLUG] Distro's - was GRLUG test comment

Tim Schmidt timschmidt at gmail.com
Thu May 4 19:20:23 EDT 2006


On 5/4/06, Ron Lauzon <rlauzon at gmail.com> wrote:
> So, we now have a normal user that is allowed to run commands as root
> without verification that he can do so.

Simply not true.

> Ya, so?  All that supplying my password proves is that I am me.  That's
> it.  It doesn't prove that I should be running things as root.

Agreed.  I don't think you should be running things as root either.

> > The secret is the user's password.
> Insufficient, IMO.

You must have really bad passwords.

> > It checks your password, and the sudoers file.
> And since the user has all the power of root, he can change the sudoers
> file.  Not much security there either.

Ok, at this point I can say: 'follow the code paths'...  if you feel
you can trojan all the Ubuntu systems out there in the wild, feel
free.  I'd like to see it happen.  In a related feat, I'll be walking
through brick walls later tonight.

> On my Mandriva system, the install sets up root and asks for the root
> password.  Then it asks me to set up a "normal" user - this is what I
> log in as to do my normal things.  When I need the power of root, I must
> supply the root password, proving that I should be doing those things as
> root.

Sure.  Same thing happens on Ubuntu.  I log in as my 'regular user'
and when I want to do something like install software, I use sudo to
become root.  It asks me for my password, and checks to make sure I'm
in the sudoers file, thus proving I should be doing those things as
root.

> On Ubuntu, the install doesn't install a root password, but asks me to
> set up a "normal" user.  It then proceeds to give this "normal" user all
> the access of root, with only the minor speed bump of having to enter
> the user's password as "security".  In my professional opinion, this
> isn't secure and wouldn't be permitted on any corporate system.  Home
> system, maybe, but not anything more than that.

It allows the user to run sudo to do things as root.  The user has no
elevated privilege of his own.

> Think of a non-computer savvy user.  He runs a neat "utility" that he
> just downloaded.  He's used to getting popups that ask for his password
> from other programs.  This "utility" does that too.  But this "utility"
> is a trojan that proceeds to infect his system with some sort of malware.

Anyone who runs random software downloaded from the net deserves
malware.  That simple.  This is where the education I was talking
about earlier comes in.

Further, why would you, as the person who ostensibly installed
software for this user, allow him sudo access?  Effectively the same
thing as giving him the root password.  That shows poor judgment on
your side.

> So, to secure the system, we have to create yet another user.  One that
> can't sudo (or may be able to sudo only certain commands), leaving the
> first user ID set up to be, in effect, root.

Yeah.  The guy who installs the OS is supposed to know what he's
doing.  That's what I've been saying.

> Or, set up the root password and remove the first user from the sudoers
> list.

Which is like stepping back in time...

> Either way, we end up with the same configuration as my Mandriva system
> - but instead of getting it automatically, I had to think about it and
> configure it myself.

Which shows how hard people will work to stay ignorant.

Sorry for the flippant tone...  I'm just getting a little annoyed. 
Documentation is supposed to teach people, not me.

--tim
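
An audit sketch for the question argued in this thread (an added example, not part of either poster's message): it lists which sudoers rules grant unrestricted `ALL`, meaning which accounts are effectively root once they authenticate. The sample policy, the names `alice` and `bob`, and the function name are constructed; it reads single-line rules only and does not expand aliases or include files.

```shell
#!/bin/sh
# Constructed sample policy (not taken from the thread): an admin group with
# full access, one user limited to two commands, one passwordless full grant.
SAMPLE_SUDOERS='# constructed sample
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
alice   ALL=(root) /usr/bin/apt-get update, /sbin/reboot
bob     ALL = NOPASSWD: ALL
'

# unrestricted_grants: read sudoers text on stdin and print
# "principal<TAB>password|nopasswd" for every rule whose command list
# contains the bare keyword ALL.
unrestricted_grants() {
    awk '
        /^[ \t]*(#|$)/            { next }   # comments and blank lines
        $1 ~ /^Defaults/          { next }   # option lines, not grants
        $1 ~ /_Alias$/            { next }   # alias definitions (not expanded)
        {
            eq = index($0, "=")
            if (eq == 0) next
            who  = $1
            spec = substr($0, eq + 1)
            sub(/^[ \t]*\([^)]*\)/, "", spec)        # drop the (runas) part
            mode = (spec ~ /NOPASSWD:/) ? "nopasswd" : "password"
            gsub(/[A-Z_]+:/, "", spec)               # drop tags like NOPASSWD:
            gsub(/[ \t]/, "", spec)
            n = split(spec, cmds, ",")
            for (i = 1; i <= n; i++)
                if (cmds[i] == "ALL") { print who "\t" mode; break }
        }
    '
}

# Run against the constructed sample; on a real host, feed it the policy
# text instead, e.g. the output of: sudo cat /etc/sudoers
printf '%s' "$SAMPLE_SUDOERS" | unrestricted_grants
```

Every principal it prints holds the same authority as the root account, so the password or group membership behind that line is the thing to protect; a rule like the one for `alice` is what "sudo only certain commands" looks like in the policy.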

