On Monday 31 August 2020 06:44:06 E. Liddell wrote:
On Sun, 30 Aug 2020 15:46:58 -0700 "William Morder via trinity-users" <trinity-users(a)lists.pearsoncomputing.net> wrote:
On Sunday 30 August 2020 11:19:03 Slávek Banko wrote:
On Saturday 29 of August 2020 13:11:01 William Morder via trinity-users wrote:
Sorry to take so long to respond. I was AFK and lost in the physical
world, and dealing with the problems of living in meatspace.
> Okay, so I solved part of the sudoers list / root password problem.
> Turns out that I had not downloaded quite all the sudo packages,
> particularly some of the tde-trinity packages, or kde-trinity
> transition packages, or something in that lot.
If you do not set a root password and use sudo, then the
tdesudo-trinity package is appropriate to ensure that all tdesu calls
are actually tdesudo => instead of su and root passwords will use
sudo and the user's password.
The mysterious E (for Enigmatic) raised the issue of su against sudo;
and I've also heard Nik mention that su is better for the single home
user, which is myself. Until now, sudo + tdesudo has always done the
trick for me, but if it is less secure, and my system will work, then
at least I ought to make myself aware of the distinctions. I've tried
out su, but so far I don't see any benefit, and only hear about the
perils of sudo.
It is possible that I can change my habits, so I will look into su. But
if anybody can explain why su or why *not* sudo, I would be grateful,
as the technical descriptions I can find online, or in my Linux guides,
do not guide me toward any decisive points, and I see no reason to
change what works. However, I will suppose that E knows something that
I don't on this point, so I am considering how to implement such a
change in my working habits.
It isn't really all that complex. There are two reasons (well, three,
really, but the third is distro-specific) why none of my systems have
sudo installed:
First of all, su is the older default piece of software that is installed
on every Linux system. sudo is an add-on. Every extra piece of software
you have installed increases the complexity of your system and the number
of bugs you have sloshing around.
I quite agree with your philosophy here. This is why I went back to an init
system in Devuan, rather than trying to make Debian work. And also, Debian
has been involved in a series of scandals and misadventures, so to speak,
which have caused me to lose some confidence. In my view, Devuan is now
more Debian than Debian itself.
All other things being equal, not
installing software you don't need reduces your system's attack surface.
(You'll run into a lot of Gentoo users who think this is important.)
Having fewer layers in the way can also make problems easier to
troubleshoot.
Secondly, most mainstream distros configure sudo to use user passwords,
and *don't* place any other restrictions on what user accounts can do
through sudo. This means that an attacker only has to break one
password—the one on your user account—to obtain full root access. On an
su-only system, the attacker has to break *two* passwords—your user's,
and root's. It isn't a *lot* of added security, but every little bit
helps.
I need to make yet one more reinstallation of my system (because I am
upgrading some internal hard drives, and moving the older ones into backup
status). When I do this, I will attempt to set a root password, and see how
this works out.
Whenever I do this, though, I end up being told that I don't have
permission, that my root password is "wrong" even though I know it's right,
and so on. In my experience, setting a root password only means getting
locked out of my own system.
It could be that I'm doing it wrong. :-/
It's the usual security vs. inconvenience tradeoff, and in this case, I
admit the stakes are pretty small. My distro puts its thumb on the
scales by requiring me to install sudo explicitly rather than having it
present by default—less work to leave it off if there's no compelling
argument for having it.
I admit that I usually leave a Konsole window that's su'ed to root lying
around permanently, rather than su'ing every time I need to enter a
command, but no one else with physical access to my computers has any
idea of how to use a Linux system, so I'm not very worried. Your
situation may be different there.
In my situation, I only *wish* that there were somebody here who has the
slightest clue about Linux; or somebody who actually read books. I consider
myself fortunate that there is at least another musician for conversation,
otherwise I should die of neglect.
It is not other people who are here that concern me, but rather just the
creeping atmosphere of surveillance and paranoia everywhere in general.
Some years ago (when I was living in a place where it was illegal to seek
invention in a "noted weed"), an old friend of mine used to say, more or
less on a daily basis, that it was always good to be "ready for Freddy" ...
although I never did encounter this character.
Still, you know the Man is coming to get you, sooner or later. Call it Big
Brother, bad actors, corporate surveillance, or whatever you like. You are
guilty of thought crimes. Confess! And you know that it's true, too.
Therefore, it's good to keep a secure system.
Bill
Well, my viewpoint is that on a single-user home system, su and sudo are
there really only to keep one from shooting oneself in the foot. Keeping a
root Konsole session open isn't much of a danger as long as one makes it
obvious when it's active. On my OpenSuSE system, local GUI login to root is
enabled, but I've set the desktop background colour there to Magenta, so it's
really hard to forget where I'm working.
When it comes to actual security (access to one's data), there's not much one
can do beyond keeping it in encrypted partitions and encrypting /tmp, /var
and swap, using strong passwords and shutting down when not in use. I
suspect that few of us take ALL of those precautions all of the time. :-)
Leslie
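
Added example (not part of any message in this thread): a small audit of sudoers text for the two conditions raised in the one-password versus two-password argument above, namely which password sudo asks for and which accounts or groups are granted every command. The sudoers samples are constructed, the account name "bill" is hypothetical, and the parser is simplified (no aliases, includes, or line continuations); `rootpw` and `targetpw` are standard sudoers Defaults flags.

```python
import re

# Constructed sudoers samples; "bill" is a hypothetical account name.
DISTRO_DEFAULT = """\
Defaults env_reset
root   ALL=(ALL:ALL) ALL
%sudo  ALL=(ALL:ALL) ALL
"""
HARDENED = """\
Defaults env_reset, rootpw
root   ALL=(ALL:ALL) ALL
bill   ALL=(root) /usr/bin/apt-get update, /usr/bin/apt-get upgrade
"""

# who  host = (runas) commands   (simplified: no aliases, no line continuations)
SPEC = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.*)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # strips tags such as NOPASSWD:

def audit(sudoers_text):
    """Return (whose password sudo asks for, principals granted every command)."""
    asks_for = "user"          # sudo's default: the invoking user's password
    unrestricted = []
    for raw in sudoers_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # also skips #include lines
            continue
        if line.startswith("Defaults"):
            flags = [f.strip() for f in line[len("Defaults"):].split(",")]
            if "rootpw" in flags:
                asks_for = "root"      # second password needed, as with su
            elif "targetpw" in flags:
                asks_for = "target"
            continue
        m = SPEC.match(line)
        if not m or m.group(1) == "root":
            continue
        commands = [TAGS.sub("", c.strip()) for c in m.group(2).split(",")]
        if "ALL" in commands:
            unrestricted.append(m.group(1))
    return asks_for, unrestricted

if __name__ == "__main__":
    for name, text in (("distro default", DISTRO_DEFAULT), ("hardened", HARDENED)):
        print(name, audit(text))
```

A result of `("user", [...])` with a non-empty list is the configuration the thread describes, where the user's own password is the only barrier to full root.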