31 Aug
2020
31 Aug
'20
8:12 p.m.
On Monday 31 August 2020 06:44:06 E. Liddell wrote:
I quite agree with your philosophy here. This is why I went back to an init
system in Devuan, rather than trying to make Debian work. And also, Debian
has been involved an a series of scandals and misadventures, so to speak,
which have caused me to lose some confidence. In my view, Devuan is now more
Debian than Debian itself.
On Sun, 30 Aug 2020 15:46:58 -0700
"William Morder via trinity-users"
<trinity-users(a)lists.pearsoncomputing.net> wrote:
On Sunday 30
August 2020 11:19:03 Slávek Banko wrote:
It isn't really all that complex. There are two reasons (well, three,
really, but the third is distro-specific) why none of my systems have sudo
installed:
First of all, su is the older default piece of software that is installed
on every Linux system. sudo is an add-on. Every extra piece of software
you have installed increases the complexity of your system and the number
of bugs you have sloshing around. On Saturday 29 of August 2020 13:11:01 William
Morder via trinity-users
Sorry to take so long to respond. I was AFK and lost in the physical
world, and dealing with the problems of living in meatspace.
wrote:
The mysterious E (for Enigmatic) raised the issue of su against sudo; and
I've also heard Nik mention that su is better for the single home user,
which is myself. Until now, sudo + tdesudo has always done the trick for
me, but if it is less secure, and my system will work, then at least I
ought to make myself aware of the distinctions. I've tried out su, but so
far I don't see any benefit, and only hear about the perils of sudo.
It is possible that I can change my habits, so I will look into su. But
if anybody can explain why su or why *not* sudo, I would be grateful, as
the technical descriptions I can find online, or in my Linux guides, do
not guide me toward any decisive points, and I see no reason to change
what works. However, I will suppose that E knows something that I don't
on this point, so I am considering how to implement such a change in my
working habits. Okay, so I solved part of the sudoers list / root
password problem.
Turns out that I had not downloaded quite all the sudo packages,
particularly some of the tde-trinity packages, or kde-trinity
transition packages, or something in that lot.
If you do not set a root password and use sudo, then the
tdesudo-trinity package is appropriate to ensure that all tdesu calls
are actually tdesudo => instead of su and root passwords will use sudo
and the user's password. All other things being equal, not
installing software you don't need reduces your system's attack surface.
(You'll run into a lot of Gentoo users who think this is important.)
Having fewer layers in the way can also make problems easier to
troubleshoot.
Secondly, most mainstream distros configure sudo to use user passwords, and
*don't* place any other restrictions on what user accounts can do through
sudo. This means that an attacker only has to break one password—the one
on your user account—to obtain full root access. On an su-only system, the
attacker has to break *two* passwords—your user's, and root's. It isn't a
*lot* of added security, but every little bit helps.
I need to make yet one more reinstallation of my system (because I am
upgrading some internal hard drives, and moving the older ones into backup
status. When I do this, I will attempt to set a root password, and see how
this works out.
Whenever I do this, though, I end up being told that I don't have permission,
that my root password is "wrong" even though I know it's right, and so on.
In
my experience, setting a root password only means getting locked out of my
own system.
It could be that I'm doing it wrong. :-/
It's the usual security vs. inconvenience
tradeoff, and in this case, I
admit the stakes are pretty small. My distro puts its thumb on the scales
by requiring me to install sudo explicitly rather than having it present by
default—less work to leave it off if there's no compelling argument for
having it.
I admit that I usually leave a Konsole window that's su'ed to root lying
around permanently, rather than su'ing every time I need to enter a
command, but no one else with physical access to my computers has any idea
of how to use a Linux system, so I'm not very worried. Your situation may
be different there.
In my situation, I only *wish* that there were somebody here who has the
slightest clue about Linux; or somebody who actually read books. I consider
myself fortunate that there is at least another musician for conversation,
otherwise I should die of neglect.
It is not other people who are here that concern me, but rather just the
creeping atmosphere of surveillance and paranoia everywhere in general.
Some years ago (when I was living in a place where it was illegal to seek
invention in a "noted weed"), an old friend of mine used to say, more or less
on a daily basis, that it was always good to be "ready for Freddy" ...
although I never did encounter this character.
Still, you know the Man is coming to get you, sooner or later. Call it Big
Brother, bad actors, corporate surveillance, or whatever you like. You are
guilty of thought crimes. Confess! And you know that it's true, too.
Therefore, it's good to keep a secure system.
Bill
E. Liddell
---------------------------------------------------------------------
To unsubscribe, e-mail: trinity-users-unsubscribe(a)lists.pearsoncomputing.net
For additional commands, e-mail: trinity-users-help(a)lists.pearsoncomputing.net
Read list messages on the web archive: http://trinity-users.pearsoncomputing.net/
Please remember not to top-post:
http://trinity.pearsoncomputing.net/mailing_lists/#top-posting