Search Members Help

» Welcome Guest
[ Log In :: Register ]

Mini-ITX Boards Sale, Fanless BareBones Mini-ITX, Bootable 1G DSL USBs, 533MHz Fanless PC <-- SALE $200 each!
Get The Official Damn Small Linux Book. DSL Market , Great VPS hosting provided by Tektonic
Pages: (4) </ 1 2 [3] 4 >/

[ Track this topic :: Email this topic :: Print this topic ]

 reply to topic new topic new poll
Topic: DSL vs. Puppy Linux, ultimate lightweight distro< Next Oldest | Next Newest >
mikshaw Offline





Group: Members
Posts: 4856
Joined: July 2004
Posted: June 20 2007,19:40 QUOTE
Quote
DSL boots by default to user dsl with sudo privileges but not direct root privileges. This is the proper, more secure way of running a Unix/Linux environment.
While I agree with your post as a whole, this one comment is something I don't fully agree with. It's my personal belief that the "proper" way to do it would be to require a root password for *any* root access. DSL makes it a little too easy for my own taste.  I've made it a point to create both a dsl and root password, but still have not fully addressed this aspect of security to my liking.  At some point I'll either modify sudoers (which is still a very confusing topic for me) or create a replacement script for the sudo command on top of my PATH (e.g., running "su -c $@" whenever sudo is called). For now, though, I have no idea how complicated it might be for applications like mydsl, which run in X but spawn scripts that use sudo, and haven't had the desire to experiment with it yet.

--------------
http://www.tldp.org/LDP/intro-linux/html/index.html
Back to top
Profile PM WEB 
lucky13 Offline





Group: Members
Posts: 1478
Joined: Feb. 2007
Posted: June 21 2007,00:29 QUOTE
Oh, let me clarify. I don't think DSL does it totally "right" (that's why I'm doing the hardening page), but at least DSL has separate users/permissions and doesn't log in as root by default (or SOLELY) as the other live CD distros I mentioned do. That's, IMO, inexcusable for anything that's set up to be installed (and Puppy and dyne both have installation scripts/instructions). I think sudo is a tolerable concession, albeit an imperfect one.

I share your concern. The hardening page I alluded to covers sudo. My own policy is to clear out sudoers and use su instead. I don't even have sudo set up on my BSDs or Slack installs, but it seems like every Debian-based distro I've used includes it by default.

--------------
"It felt kind of like having a pitbull terrier on my rear end."
-- meo (copyright(c)2008, all rights reserved)
Back to top
Profile PM WEB 
mikshaw Offline





Group: Members
Posts: 4856
Joined: July 2004
Posted: June 21 2007,04:13 QUOTE
I had used sudo (or sux for X apps) + root password in Suse, which I think was the default way to use sudo in that distro.  In Slackware I had originally tried to do the same as in Suse, but failed to properly configure sudoers. Somehow it ended up wanting the normal user's password rather than root's, which I thought was pointless. Anyway, in Slack I now just use su -c <command>, which does pretty much the same thing as Suse's sudo. Most X apps apparently don't work with this, but that's not a big deal.

--------------
http://www.tldp.org/LDP/intro-linux/html/index.html
Back to top
Profile PM WEB 
lucky13 Offline





Group: Members
Posts: 1478
Joined: Feb. 2007
Posted: June 21 2007,11:08 QUOTE
I don't have experience with Suse, but that seems odd. The password in Slackware is the proper way sudo works (user password rather than root). The man page for sudo says, "NOTE: in the default configuration this is the user's password, not the root password."
(edit: add link below)
http://www.gratisoft.us/sudo/man/sudo.html

The rationale is that it's to verify an actual user who's already been deemed competent enough to be included in sudoers. If it were tied to root password, it would basically be like using su. Which, like I said, I find preferable anyway.

(additional edit): I wouldn't think tying sudo to root password would be a good idea unless it's a single user system (and even then it's probably not a good idea). On a larger system where there might be many people with various levels of sudo privileges, you would want to verify them with their own passwords rather than doling out the root password to all (any!) of them.

--------------
"It felt kind of like having a pitbull terrier on my rear end."
-- meo (copyright(c)2008, all rights reserved)
Back to top
Profile PM WEB 
mikshaw Offline





Group: Members
Posts: 4856
Joined: July 2004
Posted: June 21 2007,15:03 QUOTE
I didn't think about the added security of using your own password rather than root's. It's still password-protected, but this way allows the admin to limit your root usage.  And it also explains why there is any point at all in using sudo rather than su. Smart.

--------------
http://www.tldp.org/LDP/intro-linux/html/index.html
Back to top
Profile PM WEB 
19 replies since May 26 2007,01:02 < Next Oldest | Next Newest >

[ Track this topic :: Email this topic :: Print this topic ]

Pages: (4) </ 1 2 [3] 4 >/ 		reply to topic new topic new poll
Quick Reply: DSL vs. Puppy Linux

Do you wish to enable your signature for this post?
Do you wish to enable emoticons for this post?
Track this topic
View All Emoticons
View iB Code