root question

Forum: User Feedback
Topic: root question
started by: Epsilon

Posted by Epsilon on April 27 2005,14:01

hi again.

Since i've started with linux i use "su" command to log as root, i tryed it on dsl but oviusly i dont know the password. I try with nothing and it give me and error. then i use "sudo" to run commands as root. Now i have a question.

Any user can use sudo?
Can be this a security problem?
what happens if i "sudo passwd root"? can i still using sudo?

thanks and sorry for my ignorance.

bye.

Posted by DeeJay on April 27 2005,16:05

Is DSL's use of sudo special in some way, or might these questions be dealt with at places found by Google, such as:

< http://aplawrence.com/Basics/sudo.html >

and

< http://wiki.linuxquestions.org/wiki/Sudo >

DeeJay

Posted by mikshaw on April 27 2005,19:25

The user "dsl" is listed in /etc/sudoers giving it permission to run the command "sudo su" without a password prompt. I'd say this might pose some security risk, but it makes things convenient for the liveCD user.

Editing this file (and creating a root password) might be a good idea if you have a "real" DSL installation.
I'm not sure this is the way it works in DSL, but typically you need to use the command "visudo" as root in order to properly edit /etc/sudoers
< http://www.linuxvalley.it/encyclopedia/ldp/manpage/man5/sudoers.5.php >

Posted by Epsilon on April 27 2005,23:34

thanks mikshaw

Posted by Guest on April 28 2005,19:15

If I remember right, the passwords in Knoppix (root and knoppix users) are locked. I have always assumed that this is also the case for dsl and root users in DSL. The user knoppix was removed from the sudoers list when I last checked (1.0rc1), so I only had to enter the new passwords for root and dsl users using "sudo passwd" and "sudo passwd dsl" respectively. You will not be prompted for the old passwords.

There is definitely a security risk with any additional sudoers allowed, but I think this is minimal as long as you remember to set these two passwords immediately when you start dsl and used very strong passwords. Do not start any daemons (ssh, ftpd, httpd, ...) if the passwords are not set. And never allow the user "root" to login through any of these services.