Tiny Core Linux

dCore Import Debian Packages to Mountable SCE extensions => dCore Armv7 => Allwinner A10 => Topic started by: whatshisname on June 22, 2014, 05:17:05 PM

Title: Where is visudo?
Post by: whatshisname on June 22, 2014, 05:17:05 PM
Hello all,

After failing miserably getting Arch loaded on my Cubieboard 1, I was happy to discover that Tiny or rather Micro or dCore or whatever it is, loaded just fine.  Many thanks to roberts.

Have had a challenging day or 2 or 3 figuring out the peculiarities of the Allwinner version of Micro/dCore having never run Tiny Core but I'm getting there.  Will probably write up my experience later because there isn't a lot of help out there for a newbie jumping into Micro/dCore without fiddling with Tiny Core before.

After finally getting some semblance of persistence working - whew! - I'd like to phase out the "tc" user for security reasons and establish an alternate primary user.  That requires setting up the "sudoers" file to give that user root privileges.  That, in turn, requires "visudo" which evidently doesn't exist.

Surely this is an oversight. Or have I overlooked something yet again?

Thanks again for a fine little distro.  I love the "build what you want from scratch" philosophy of Tiny Core.  It's the same philosophy that drew me to Arch several years ago.  Except Tiny Core is even smaller.  Very nice!
Title: Re: Where is visudo?
Post by: gerald_clark on June 22, 2014, 05:38:48 PM
How do you figure that  creating another user and then giving them sudo privileges will make it more secure?
Visudo is not strictly needed, but you can go ahead and compile it if you like.

Title: Re: Where is visudo?
Post by: whatshisname on June 23, 2014, 03:20:24 PM
Because "tc" is the known default user with no password.  So even if I give him a password, an attacker has half the battle won.  Security 101.   To get an idea of what a huge security risk that is, I would encourage you might read up on how many hundreds if not thousands of Raspberry Pi's are compromised within hours of being hooked up to the Internet because of precisely the same problem.

I asked about visudo because that's the tool you have to have to give anyone sudo privileges: http://wiki.tinycorelinux.net/wiki:security (http://wiki.tinycorelinux.net/wiki:security) .

If compiling is what I need to do then so be it. 

Just trying to figure out how to do what I normally do in this new environment.

Title: Re: Where is visudo?
Post by: gerald_clark on June 23, 2014, 04:08:40 PM
visudo just edits the sudo file and checks for errors.  It is not mandatory.
There is a user= boot option.
Title: Re: Where is visudo?
Post by: whatshisname on June 23, 2014, 04:27:19 PM
OK.  Sorry.  Creature of habit.  I've always used visudo and/or vipw so I just assumed it was necessary.

Edit: For the sake of posterity.  No.  You don't have to use visudo.  But you will first have to make /etc/sudoers writable with 'chmod 660 /etc/sudoers'.  Edit the file.  Then 'chmod 440 /etc/sudoers'.

I can appreciate the extra steps when the purpose of the distro is to keep it as small as possible.  So point well-taken.

Thanks again.
Title: Re: Where is visudo?
Post by: Jason W on June 25, 2014, 05:08:40 PM
Though as said the user= option is the normal TC way for a single user system, some may want to have other users especially if used as an ssh server box.  The visudo command is in the package sudo.  "importsce sudo" will bring it in.  I will add a startup script that issues the command "chmod 440 /etc/sudoers" to the sudo package.