Talk:Sudo

From Gentoo Wiki
Jump to: navigation, search
Note
This is a talk page. Please add newer comments below older ones, and sign your comments using four tildes (~~~~). When adding a new section (at the bottom of the page), please mark it as "open for discussion" by using {{talk|open}} so it will show up in the list of open discussions.

Bash completion command

Please explain why the user should run echo with escalated privileges. Smartass (talk) 05:37, 30 July 2013 (UTC)

its often a redirected command... they are like piped commands ie command1 | command2 command 1 gets sudo, cmd 2 doesnt. it has sudo powers at echo but not at the >> and the whole point of those are manipulating root file systems. just try a few sudo echos, you'll be back. =D 666threesixes666 (talk) 03:12, 30 January 2014 (UTC)
if you're talking about this instance https://wiki.gentoo.org/wiki/Sudo#Bash_Completion my counter question is why do you need sudo completion on users with out sudo? that one is not required, im kinda shocked it slipped in to translate versions.666threesixes666 (talk) 05:13, 30 January 2014 (UTC)

SUDO VOODOO

Talk status
This discussion is still ongoing.

Some people disable root logins for security reasons. Root is a user everyone knows is on most linux machines, and its an easy target. Make sure you have a user with working sudo su before disabling root. I do this by making all wheel group users sudo nopasswd, then disable root, then attackers must guess the wheel user instead of having a static root target. the wheel user is the new access to root via sudo su. why no passwd? i'm aware of key loggers, and the easiest way to steal someones password is to key log it out of the computer, and reducing input of it reduces risk.

run this once

root #echo "%wheel ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

(replace this $USER with your actual user name)

root #gpasswd -a $USER wheel

disable root login

user $sudo passwd -l root

to get to root

user $sudo su

to re-enable root

user $sudo passwd


i use a lock screen button & password secured screen savers & password logins for my security of immediate area. im going to get flash keys to test moving kernels on to, and see if i can figure out a system where it would require the flash key to unlock the computer. im not sure how i feel about biometrics yet.666threesixes666 (talk) 05:13, 30 January 2014 (UTC)

this or something similar in idea should probably be the default method. hardening by removing root. 666threesixes666 (talk) 04:47, 30 January 2014 (UTC)
metadata is scaring me, idk what to do 666threesixes666 (talk) 03:12, 30 January 2014 (UTC)

respecting bash aliases

Talk status
This discussion is still ongoing.

sudo neglects all bash aliases unless you set a alias for sudo that includes a space.

FILE /etc/bash/bashrc
alias sudo='sudo '

666threesixes666 (talk) 04:12, 14 February 2014 (UTC)