Tiny Core Linux
Tiny Core Base => TCB Q&A Forum => Topic started by: cURIOUSgEORGE on December 09, 2011, 04:26:54 PM
-
Can anybody explain to me........ What is the point of having a sudo passwd setup if I'm not even prompted to type it in when using sudo??? :-\
-
This is controlled by /etc/sudoers.
The tc user needs to be able to sudo to run some utilities.
You can set a password for tc, or create another user for normal logins.
-
Thanks gerald_clark but I'm still confused....... Anybody else???
Why am I not prompted for a password when using sudo before a command?
Does the password help protect against getting hacked from the internet?
If NOT then what is the purpose of having a password set for sudo?
Thanks, George
-
Did you even bother to look at /etc/sudoers ?
-
Yeah and it's empty. So, what's the point?
-
It is not supposed to be empty.
How did you manage that?
-
lol, uhhhh ???. To tell ya the truth, "I have no clue" . I never touched it. Is that a bad thing that it's empty??? 8)
-
In most situations you don't need a password for sudo. That is how Tinycore is set up.
There are some situations where you may. For example, when setting up a printer with cups you need a root password.
-
Thanks Guy.
Also, is it a bad thing that my /etc/sudoers file is empty?
EDIT : It is NOT empty but only appears to be empty when trying to open it as tc user. Must be root.
-
cURIOUSgEORGE
Like you say, it is not empty, you just cant see the contents as tc user.
It works the way it is set up.
-
With most other Linux distros, you need to use a password for sudo or root. This reduces the likelihood of messing up the operating system.
With Tinycore, someone could easily delete a few things and mess up the system.
With other distros, someone could run a live cd or an operating system from a usb drive, and mess up the system.
-
Hmmm very well put, thanks Guy. Gotcha ;)
-
What is the security benefit of not running as root if there is no password required with sudo?
-
What is the security benefit of not running as root if there is no password required with sudo?
For example you can not demage your system late night mistyping folder name due to access right restrictions.
-
What is the security benefit of not running as root if there is no password required with sudo?
In addition to what bmarkus said, if you use the "syslog" boot code any time sudo is used it is logged.
-
these don't seem like massively compelling reasons (eg. many people will get in the habbit of typing 'sudo rm -rf /' instead, imo). Could anyone explain why the application browser can't be run as root?? and is sudo set to not require a password mainly just to encourage users to run as tc, as opposed to root?
-
Core is not a ready to run distro like ubuntu.
It is a tool kit that comes configured to make it as simple as possible to get it installed.
Once you have it installed, you are expected to customize it to fit your needs.
This includes creating users, setting passwords, configuring packages, modifying backup config files,
modifying the bootlocal scripts, and editing sudoers as needed.
-
Many things in life, when done in moderation are OK, such as alcohol, government, fertilizer,
use of credit, etc, etc, etc..... But when taken to excess, can cause problems, and sudo is no
exception to this rule.
(eg. many people will get in the habbit of typing 'sudo rm -rf /' instead, imo)
You should not blindly go and put sudo in front of every command, that's like playing Russian roulette
with six bullets in the gun, everybody wins. If you are going to do that, save yourself some trouble
and do the job right, type sudo su and you can do everything as root, no warnings and no questions
ask. A more rational approach would be to treat sudo as a last line of defense against doing something
unintended. When a command requires you to use sudo, your response should be to ask yourself
two questions:
1. Why is it requiring the use of sudo?
2. Do I really want to do this?
Once you have answered question one, question two becomes easy. Here is an example that really
gets the point across:
http://forum.tinycorelinux.net/index.php/topic,10148.msg58947.html#msg58947 (http://forum.tinycorelinux.net/index.php/topic,10148.msg58947.html#msg58947)
When you accidentally type rm -rf /usr /lib/nvidia-current/xorg/xorg instead of
rm -rf /usr/lib/nvidia-current/xorg/xorg and you think of using sudo because the system won't let
you do that, you SHOULD ask yourself two questions. Can you guess what they are?
-
[....]When a command requires you to use sudo, your response should be to ask yourself
two questions:
1. Why is it requiring the use of sudo?
2. Do I really want to do this?
Okay, Now that explanation makes sense.
Core is not a ready to run distro like ubuntu.
That is another good point.
I think that I can be okay with the system now. I suppose if I'm really so concerned I should figure out how to configure sudo to prompt me(and everyone else) for a password.
G'night.
-
Why is it requiring the use of sudo?
Interesting, and wise ..
Although I take another approach; my personal machine is run in sudo su and find it insulting should any script/app try to protect me from myself and ask "are you sure you what to do this" Of course I'm sure, otherwise why would i have taken the time and trouble to select or type a command in the first place!!
There is a place for user mode though, I love to teach the inexperienced and admin's really ought to have some protection from them. No harm done though with tc because core, coreplus, tc, etc can be totally rebuilt in minutes, this is one of the beauties of core.
For important configuration files I make them immutable so not even root can harm them. We have the power to save ourselves, but Ill be *** if i'll allow someone else attempt to protect me from myself..
:)
I found this article on sudoers interesting http://www.gratisoft.us/sudo/sudoers.man.html (http://www.gratisoft.us/sudo/sudoers.man.html)
-
Hi coreplayer2
Although I take another approach; my personal machine is run in sudo su
While you are free to do that, I would strongly discourage anyone reading this thread from doing that.
I would consider that practice akin to running a punch press with the interlocks bypassed, it just takes
one little distraction to lose a finger (if you are lucky).
-
Haha, I too tend to have a root shell open just to avoid typing sudo ;)
-
Yes I think I see the logic in what you guys say.
Sometimes one fail to pay attention and do things
that one regret. So some warning may be okay to have.
Is there not some way one can have a choice? At boot
if one add a word that tell it to make me root or something.
What made me able to use the older versions was that
it had a file manager that had a sudo or root option built in.
Suppose I had to correct something in menu.lst and then
I fail to get the whole sudo thing. I have no idea how one use such.
And that is something I have tried to learn since 2006 when I first
used Ubuntu and I still don't get how one use it.
So was it TCL 3.7 or similar that one had that option on the
filemanager to use it as root and that worked for me.
Yes it is embarrassing that I am that challenged. Trust me I hate it.
The newer TCL failed on me because them did not have that file manager.
Luckily after extensive searcing I was able to get one going finding it again.
But I still totally fail to get how one add extensions and keep them.
I trust most of you would tell me to not use your beloved TCL at all.
That only non-challenged should use Tiny Core.
Can you not make one using root that us who fail to get logic can use at our own risk?
We can sign an agreement to not sue any of you when we fail at it. :)
-
I went so far as to tweak /root/.profile to allow me to log in as root with "su -" -if- tc is already logged in. This allows the system to work right at boot time (when tc is not logged in yet) and allows me to log in as root (with warning "You are now root!") when I want to - but it makes me enter the root password to do so, so it pounds into my brain that I'm doing something "special". And yeah, the root password is actually -not- the same as the tc user's password.
I haven't messed with the sudoers file, so I could still use "sudo su" and not have to give the password - this is just a cosmetic change to make tc fit my idea of what is "right". :)
@newbody:
If you use emelfm2 file manager, its wbar icon will start emelfm2 as non-root user but the desktop right-click menu will offer to start it either as a regular user or as root. In my case there are some visual cues to let me know if I'm root or not as I have added some extra buttons to tc's config of emelfm2 but not to root's (*). Please pretend like I reiterated all the warnings about using it that way.
(*) Amusingly, the things I added to tc's emelfm2 config all have to do with performing certain functions as root. "delete the highlighted item, recursively, as root, right now without asking if I'm sure" and "edit the highlighted file as root".
-
Lee, much appreciated. Yes that gives both parties what them want then.
One do get a warning by having to give the password but one can still
be root then for a while and know due to how things look and the terminal
would show the changed status too I guess.
So that is why it is not a good idea to tell boot that one want to be root.
It mess up downloads and installations maybe.
I use fluff instead of emelfm2 but I get that one can set it to loaded as root
or with sudo in front of it. But that is needed for leafpad too. So I drown
in all the details. Using fluff it is there in the upper line use sudo.
More easy to understand for me. Thanks for pointing out how it works with emelfm2
I did remember it vaguely.
-
re. running a text editor as root...
I got burned too many times by making non-trivial changes to files (I've spent a lot of time and effort on bootsync.sh et al) and being unable to save them because I was not editing as root, so I added that button to emelfm2 that lets me edit as root. But that only worked if I used it - If I started my editor from the command line, for instance, and forgot to type"sudo" in front of it, I would still be in the same situation.
Eventually, I wrote a wrapper script for my text editor such that if I am opening an existing file it checks if I have write permission for the file and uses sudo if I don't. If the file doesn't already exist, it checks If I can create it and uses sudo if I cannot. Of course, read-only filesystems can still be problematic. :)
So now the original function of the "edit as root" button in emelfm2 is "deprecated" but the button really just points to the wrapper script now, so its OK. ;)
It may be time for a rework of the editor wrapper - I use it for everything, including composing email and somehow it has grown to over a hundred lines. Feature creep strikes again! If I can simplify it to something more understandable, perhaps I'll post it in the Programming and Scripting section.
Hmmm... "deprecated"... rhymes with def ... oh, never mind! ::)
-
You could always save the file to /tmp and then do a sudo cp.
-
Hi Lee
I got burned too many times by making non-trivial changes to files (I've spent a lot of time and effort on bootsync.sh et al) and being unable to save them because I was not editing as root
Anytime I do that, I open a second editor as root, copy from the first, paste into the second, and
save using that one.
-
I used both of those workarounds at various times - not as convenient as just saving the file, but effective. My head was getting sore from pounding it on the wall ("Doh!!"). :P
-
Warning: Head pounding may cause a pounding headache.
-
To add something to this post more than two months later is sure to produce guilt. Still I will do that, at least just for the layman, which I am. I don't assume cURIOUSgEORGE however to be that one. Ten apologies even before thinking that. cURIOUSgEORGE, are you ready to hear after so long from a guilt conscious man?
First ask to yourself the question "whoami". If you get the answer tc, then ask to yourself who is your guardian-creator.
Try to "adduser" when you are you (i.e. tc). Then do "sudo adduser", or first "sudo su" and then "adduser". What differences do you find?
You are here on earth, because of your guardian-creator; and he has invested you with his own powers ! Only you need to be He, to perform the acts which truly belong to his spheres alone. "You" cannot do that as you were born mortal.
True creation is (must be) impossible for mortal beings. We have children ("sudo adduser"), because the almighty has allowed us to have them. (Or to take another analogy, may be we are able to create atoms, but in doing so we are showing our readiness in destroying a Hiroshima !)
With those powers, caution must come. Everything that Rich said, that alone is convincing to me. Rest is one's desire, what he wants with powers he gains.
Had your creator not invested you with that power, would you still be working here ? He could have divested you (user tc) from powers to use sudo or sudo su. How much powers are you going to grant to children you in your turn are going to create !?
Which computer owner would like to have a limited account only, and going everytime to administrator to ask even for such mean tasks like asking for granting "CD/DVD burning rights", even in the world of Microsoft ?
Does one has a computer at home with a user having a limited account only, with administrator's password with the shopowner from where one bought the box ? (Again to take only the Windows analogy).
Perhaps this may be the "nearest" answer akin to the original question (of course Rich's exhortations included). Thanx to all.