sudo like Ubuntu?

[bear454]

Hey all,

I've been using *suse since 7.2, and really haven't bothered with a lot of other distros. But with desktop virtualization having become so easy, I figured it was time to broaden my horizons, and figure out what all the Ubuntu hubbub was about...

Aside from all the orange (thanks but no thanks, I like green just fine), the thing that struck me as radically different was the way sudo & root are handled; root has no password - you must sudo stuff, but with your own password.

I like this approach, in the appropriate hands (like mine). I figure, if I know the root password anyway, why not just use mine. I don't like the 'emulation' of this provided from YAST the last few versions with the option to have the root set the same as one user's password, as this isn't very multi-user friendly.

So, I'd like to know what you guys think of the Ubuntu-style of handling sudo: benefits, pitfalls, and what would it take to run an openSUSE system that way?

[swerdna]

Throw away thought: Ubu's way is unsafe unless you can totally block sudo from selected other users who are inexperienced (e.g. the 10 yr old kdz from next door).

[ken_yap]

Ubuntu's way is supposed to stop people from logging in as root, but at the expense of making the root password effectively the same as any privileged user (in group wheel, I think). So it's not without problems. If a user can be social engineered to do an unsafe sudo operation, then that opens up the system. Sorry, but I'd rather stick with the traditional model and keep the root password different. But then I'm a stick in the mud, what do you expect?

[else_where]

Quote:

Originally Posted by bear454

...and what would it take to run an openSUSE system that way?

Yast -> Security and Users -> Sudo

Having said that, I haven't used it to configure sudo, since I guess I'm old school. I either su or kdesu anything I need root privileges for.

just my 2c...

Cheers,
KV

[ken_yap]

To make your setup for sudo like Ubuntu, if that's what you want:

visudo and change the config to give superuser permission to users in the group wheel with the user's password

Put the privileged users in the group wheel.

Test.

Disable root login by editing the password hash to be an impossible hash (does not correspond to any plaintext).

You might also want to make a wheel user's path include /sbin and /usr/sbin (in front) so that you don't have to type in the full path when using sudo.

[conram]

I prefer su than sudo, su is easier/shorter to type. In my native language su meaning is two lovely mountain with a green meaning

[Magic31]

+1 for 'su - '

Keeps all the users as regulair users and special access when you need it on the separate root account.

Sudo is nice to add to let users start certain applications that need the rights..

The way Ubuntu implements sudo, in my eyes, makes it too easy to do something that can jepordize or flush your system.. Maybe not to bad for a desktop, but I don't like that thought on servers.

[brucecadieux]

I always set a separate password for the root acount.

I don't ubuntus sudo of using user passwords.

I was actually disappointed to see openSUSE offering to let people use the same password for a user and root account.

I think it is a dangerous practice akin to all the security problems that have plagued windows over the years.

Anyone sitting down in front of a given machine having access to root that easily just seems inherently wrong to me.

[ken_yap]

To be fair to Ubuntu it's only users that have been put in group wheel (this is done by "make user administrator" in GNOME). The first user is in, of course. Very Windowish.