WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Now 'sudo su' in /root  (Read 24199 times)

Offline tobiaus

  • Suspended
  • Hero Member
  • *****
  • Posts: 599
Re: Now 'sudo su' in /root
« Reply #15 on: December 30, 2008, 10:29:55 AM »
Personally  would like to remove sudo entirely (its reason for existence is to make things easier in a multi-user system) and stick with su only.   But that's going a little off-topic.

i'm used to sudo su to become root, and since you're (thankfully) not root all the time in tc, i'm happy to use it to become root and do root things this way as well: sudo cp source rootonlydestination

there's usually not a login when you're using a livecd, but since i'm used to a login at other times, i wouldn't mind one. it would give the illusion (or the reality, or some of both) of being more secure.

removing sudo because it's being used in a way that's conventional one place and not quite as conventional (but still very useful) in tc seems a bit purist. so is even having multiuser, to some others. if tc is not capable of multiuser (i know, no one said that) i'd like to know what's preventing it. but then if it's really not, the answer is probably "all sorts of things."

Offline mikshaw

  • Sr. Member
  • ****
  • Posts: 368
Re: Now 'sudo su' in /root
« Reply #16 on: December 30, 2008, 03:58:28 PM »
Quote
removing sudo because it's being used in a way that's conventional one place and not quite as conventional (but still very useful) in tc seems a bit purist.
I'm not sure if you're assuming that's the reason I'd like to get rid of it, or if you just made that comment as a general statement.  My own reason is mostly for the sake of security.  Sudo makes it much too easy to do things as root, in my opinion.  My ideal system would require a password to log in, and another password for doing any tasks that require root power.

Quote
if tc is not capable of multiuser (i know, no one said that) i'd like to know what's preventing it.
I assume it's quite capable, although I haven't done it yet.  It looks like it's set up very similar to DSL, in that /etc/inittab would need to be changed to use getty instead of rungetty, wipe out the su in /root/.profile, and create passwords for tc and root users.

Offline tobiaus

  • Suspended
  • Hero Member
  • *****
  • Posts: 599
Re: Now 'sudo su' in /root
« Reply #17 on: December 30, 2008, 05:22:58 PM »
My own reason is mostly for the sake of security.  Sudo makes it much too easy to do things as root, in my opinion.  My ideal system would require a password to log in, and another password for doing any tasks that require root power.

i wasn't sure what your reason was, so i made a general statement that as i can now see, does not apply here. security is a great reason to remove sudo, if it makes much of a difference. i leave the if to your opinion. aside that, i wouldn't mind at all if login passwords were required. i won't argue for them, or against them, although they would be most welcome.

in xubuntu, which because it's ubuntu is odd in this regard, you can sudo su or sudo variouscommandshere, just like in dsl and tc. but if you are trying to do anything that requires root, it still asks for a password, with sudo or without. that seems to last for several minutes (this is good, not good? i don't know.)

if it can exist without compromising security, i really think it ought to be core, but you're more familiar with it. if it wasn't core, i hope it would at least be a .tce extension. i would be interested in ways that tc can be more secure, other than the read-only nature of the boot media and possibly other than the firewall.

i was able to remove sudo from tc very easily just before typing this, but (naturally) i'll have to reboot before i can use appbrowser, or mount or unmount devices. i am also now unable to use login, but i tried to become root that way. "su: must be suid to work properly" :) that's the best message since "reboot: no"

Offline mikshaw

  • Sr. Member
  • ****
  • Posts: 368
Re: Now 'sudo su' in /root
« Reply #18 on: December 31, 2008, 07:55:45 AM »
Quote
in xubuntu, which because it's ubuntu is odd in this regard, you can sudo su or sudo variouscommandshere, just like in dsl and tc. but if you are trying to do anything that requires root, it still asks for a password, with sudo or without. that seems to last for several minutes (this is good, not good? i don't know.)
I haven't used Suse in a couple of years, but I think that's the way sudo worked there too.   I think that's probably the standard way to use it.

As far as the password itself, was that the user's password or root password?  This is one of the things I've never understood about using sudo in a (typically) single-user system like TC.  Sudo was written, as I understand it, to provide certain users the ability  to do privileged tasks without having the privilege of knowing a root password...basically only useful if you run a multi-user system.  If you are the only user, using sudo with a password provides no benefit over using just su (as far as I know).

Quote
if it wasn't core, i hope it would at least be a .tce extension.
I don't think there's any chance sudo will ever be removed.  It  has become a vital part of many tools.  At my level of understanding and patience the best I'd be able to do is replace sudo with a script that prompts for a password, *if* I were to actually  build my ideal system from TC.  That's an idea I've been pondering in DSL for a long time, and still haven't even tried it.

Quote
i am also now unable to use login, but i tried to become root that way. "su: must be suid to work properly"
that's the best message since "reboot: no"
That sounds like maybe an oversight when Busybox was built?  As hjkl did, I'd probably use the GNU version anyway .

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11044
Re: Now 'sudo su' in /root
« Reply #19 on: December 31, 2008, 08:12:02 AM »
Sudo with a password does have a single advantage compared to su. I believe lucky13 used to keep saying this too. You can restrict the right to use sudo to only the apps you want (reboot, poweroff?).

If sudo is accompanied by PAM you should be able to do all sorts of weird authentication too, starting from time-based (only allow between 13-15) to unbelievably crazy (only allow login if $BREAD is in $TOASTER, $COFFEE is ready, and $FRIENDS is on $TV).
The only barriers that can stop you are the ones you create yourself.

Offline tobiaus

  • Suspended
  • Hero Member
  • *****
  • Posts: 599
Re: Now 'sudo su' in /root
« Reply #20 on: December 31, 2008, 10:33:09 AM »
can't speak for suse, but i'm glad it's not just a 'buntu thing.

however, in xubuntu/ubuntu/etctu, there is no root account per se, but you can sudo commandshere or sudo su. then you have full root-like capability, but since there is no root password, you use the user account password to gain sudo access. when i put it that way, it sounds like a really stupid idea, but it's my experience (and perhaps misunderstanding) based on using 'buntu for a year or more.

in tinycore, you can already set passwords for both root and tc, and presumably other accounts, so when you say "it's not multiuser" i feel like it depends what your definition is. i don't think the package system (that's relevant) is multiuser, or probably a number of other things. but it's linux, and it has more than one password and more than one account. so i would think, user or tc password to login as user or tc, root password for access to sudo.

but naturally that's hypothetical and depends on whether people (including roberts) wanted to make it that formal by default. i remember using the "secure" boot option in dsl which asked me to create passwords, but it never asked for them again, even when using sudo. i don't understand why, but someone probably does.

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11044
Re: Now 'sudo su' in /root
« Reply #21 on: December 31, 2008, 12:03:50 PM »
The "secure" option was mostly for ssh connections on the unmodified livecd. After a remaster or otherwise saved /etc/shadow it was not needed anymore.
The only barriers that can stop you are the ones you create yourself.

Offline cjgau

  • Newbie
  • *
  • Posts: 27
Re: Now 'sudo su' in /root
« Reply #22 on: December 31, 2008, 12:36:47 PM »
"sudo su" changes to the home directory of root.

"sudo -s" will remain in the same directory where the command is executed.

Offline tobiaus

  • Suspended
  • Hero Member
  • *****
  • Posts: 599
Re: Now 'sudo su' in /root
« Reply #23 on: December 31, 2008, 12:39:02 PM »
After a remaster or otherwise saved /etc/shadow it was not needed anymore.

ah, etc/shadow, bringing me back to another question: whenever people talk of changing the password, they do strange incantations involving that pathname. what's wrong with passwd, and passwd username? it seems like it would be more important for everyday use, but no one mentions that (if it is important.)

Offline mikshaw

  • Sr. Member
  • ****
  • Posts: 368
Re: Now 'sudo su' in /root
« Reply #24 on: December 31, 2008, 01:29:21 PM »
tobiaus: I don't know of any strange incantations, but I think you're right that it's very simple to use passwd.  The only connection between the two that I know is that /etc/shadow stores the password created by the passwd command (why it's not /etc/passwd I have no idea).

When I implied that TC is not multiuser, i did not mean it literally.  All I was getting at is that it is configured to assume there is only one person using it.  This is apparent with the lack of login prompt, additional ttys, or passwords.  This isn't to say that it can't be reconfigured easily enough, but just that in its default state it doesn't seem to lend itself easily to multiple people using the same system at the same time.  But this is also something that doesn't matter to me, since i'm the only one using my box, so I don't know why I brought it up =o)

curaga: thanks for the extra info on sudo.  I forgot that I had experience something that I think is related to what you said.  Some GUI applications will not work if you've su'd to root, but will work if you "sudo <command>".

Offline tobiaus

  • Suspended
  • Hero Member
  • *****
  • Posts: 599
Re: Now 'sudo su' in /root
« Reply #25 on: December 31, 2008, 01:45:48 PM »
indeed, and the other way around, sometimes sudo won't do things sudo su will. sudo killall udhcpc is fine, but i needed to sudo su before you udhcpc -H box -b -i eth0 (presumably, you can just use cpanel.)

also, sudo reboot works when reboot won't (although you don't need to be root to ctrl-alt-del.)

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11044
Re: Now 'sudo su' in /root
« Reply #26 on: December 31, 2008, 03:33:41 PM »
I haven't seen any magic incantations recently. Or maybe I just missed them ;)

Passwords should be changed with the passwd command. The secure bootcode uses that too.

They used to be stored in /etc/passwd during the unix era, with weak DES encryption, but there were weak points: not only the easily cracked crypt, but also the fact /etc/passwd is world-readable. Shadow was implemented to move only passwords out of that file, into a new file only readable by root. Shadow can use any algorithm, even DES, but by default it uses MD5 passwords. SHA1 is also supported in the default builds, Blowfish can be patched in. Thus, if you only change passwords, you need to backup /etc/shadow; if you also add / remove users / groups, you'll need to backup /etc/passwd and /etc/group as well. /etc/gshadow is used for group passwords similarly to /etc/shadow.

Heck, I'm still probably the youngest of the crowd when counted in years of Linux use. Why am I teaching everyone :P :D
The only barriers that can stop you are the ones you create yourself.

Offline tobiaus

  • Suspended
  • Hero Member
  • *****
  • Posts: 599
Re: Now 'sudo su' in /root
« Reply #27 on: December 31, 2008, 05:47:36 PM »
Heck, I'm still probably the youngest of the crowd when counted in years of Linux use. Why am I teaching everyone :P :D

oh, some people just can't help it. lucky for the rest of us, though. :)

Offline mikshaw

  • Sr. Member
  • ****
  • Posts: 368
Re: Now 'sudo su' in /root
« Reply #28 on: December 31, 2008, 09:02:04 PM »
And because some of us don't learn stuff we don't already use unless we have to

Offline tobiaus

  • Suspended
  • Hero Member
  • *****
  • Posts: 599
Re: Now 'sudo su' in /root
« Reply #29 on: December 31, 2008, 09:15:16 PM »
well, some of us just don't get this stuff as fast. so we end up choosing between asking the people that understand the stuff we just tried to read, or simply having to use something easier. i quote robert shingledecker in chapter 2 of the official damn small linux book: (i'm on chapter 4 or 5.)

Quote
many users have passed through the forums and the collective knowledge is immense. try posting a request for help providing as much detail about your system as possible. who knows? maybe someone else has the same system as you and has a readily available answer. and remember that no question is too dumb to ask. we all had to start somewhere.