securitybreach Posted June 24, 2017

"It was just one of those nights. We were sitting at the O'Neil's San Mateo Pub, taking a break after a long day at the Maker Faire. Hackaday was hosting an informal drink-up and a steady stream of colorful characters was just started flowing in. That's when we met [Robert Coggeshall]. It started off as a normal discussion - he runs [small Batch Assembly] and does a lot of interesting things in the maker space. Then he brought up a fascinating detail - "Oh, did you know I also co-invented sudo back in the 80ies?" we had to get the story from him."

Read the entire article: https://hackaday.com...x-sudo-command/

http://www.youtube.com/watch?v=LaAwl3HN5ds

abarbarian Posted June 25, 2017

Super read I liked the comments section. Following the breadcrumbs I started to read up about su and sudo as I did not know what " su - " or " su -c " and such like were.

securitybreach Posted June 25, 2017

> Super read I liked the comments section. Following the breadcrumbs I started to read up about su and sudo as I did not know what " su - " or " su -c " and such like were.

Glad to help. Personally, I use su - and su -c all the time. I used sudo as well when needed.

abarbarian Posted June 25, 2017

Wish I had known about those commands years ago. Funnily enough I have never seen them in any of the loads of articles and guides I have read.

V.T. Eric Layton Posted June 26, 2017

I haven't sudo'd since I was last in Debian or Ubuntu. In Slack, it's su all the time.

raymac46 Posted June 26, 2017

I really like sudo -i since that "sort of" lets you log in as root. If you plan to do a bunch of sudo commands you won't have to type "sudo" before each one. Then you just exit and you are back to a user shell.

V.T. Eric Layton Posted June 26, 2017

Myeh... sudo is just virtual su. I don't do virtual.

saturnian Posted June 26, 2017

In the past, I would go with how the distro was set up -- like, I'd use sudo in Ubuntu and Mint, but I'd use su in other distros. Lately, I mostly use sudo in every distro I run.

Hotly-debated topic, this "su vs. sudo" stuff. But when it comes to Linux, I guess there's never been a shortage of hotly-debated topics!

I thought it was kinda funny reading the comments following the article, where folks seemed to be getting bent out of shape about the "correct" pronunciation. Whatever.

abarbarian Posted June 26, 2017

Well I can see the benefit of sudo when you have a few different users now that I have read around the subject a bit more. Personally I prefer to use su as with coloured output you can see when you are root at a glance. I do have sudo as pacaur needs it and I am not at the stage where I want to manage AUR packages without a helper.

I thought the comments were quite amusing too regarding pronunciation.

Reading around the subject I am finding articles or guides where folk are told, add your user to the sudoers file and wheel group and do something like (can not remember the exact off hand) " ALL=ALL " which basically gives the user root for everything. I find the whole thing confusing and need to read more about sudo. It is just another layer of stuff that you need to grasp the meaning and usage of and for a single user I feel it is not necessary and trending away from the KISS principle.

A good tool perhaps but so is a petrol driven 12" stone saw and how many folk need one of them in daily life ? Mind you I could do with a stone saw for a few days as I want to alter me driveway

saturnian Posted June 26, 2017

Yeah, seems to me that sudo is not necessary, especially on a single-user system. It's just another tool. And I've had to do some reading to figure out how to set things up and all that.

All that being said, seems okay to use, for me, on my single-user systems. I'm finding that in the end it isn't such a big deal; seems like a nice tool to have around. I figured I'd go for it and see how I felt about it myself. Who knows, maybe down the road I'll go back to using only su.

> A good tool perhaps but so is a petrol driven 12" stone saw and how many folk need one of them in daily life ?

Ha-ha! Well, I'd say that sudo is a heck of a lot more useful in my daily life than a petrol driven 12" stone saw would be!

abarbarian Posted June 26, 2017

Ok so I have done some more reading and have a question.

On Arch is it possible to just allow "me + root" to use pacaur with sudo. That is take "me" out of the wheel group, create a group that only allows pacaur.

Or could I take "me" out of the wheel group and just use " sudo -c or sudo -i or sudo - " ?

These are the man entries for -c and -i,

-c class, --login-class=class
    Run the command with resource limits and scheduling priority of the specified login class. The class argument can be either a class name as defined in /etc/login.conf, or a single ‘-’ character. If class is -, the default login class of the target user will be used. Otherwise, the command must be run as the superuser (user ID 0), or sudo must be run from a shell that is already running as the superuser. If the command is being run as a login shell, additional /etc/login.conf settings, such as the umask and environment variables, will be applied, if present. This option is only available on systems with BSD login classes.

-i, --login
    Run the shell specified by the target user's password database entry as a login shell. This means that login-specific resource files such as .profile or .login will be read by the shell. If a command is specified, it is passed to the shell for execution via the shell's -c option. If no command is specified, an interactive shell is executed. sudo attempts to change to that user's home directory before running the shell. The command is run with an environment similar to the one a user would receive at log in. The Command environment section in the sudoers(5) manual documents how the -i option affects the environment in which a command is run when the sudoers policy is in use.

There is also this dealing with using an editor with sudo which I have never come across before,

Secure editing

The sudoers plugin includes sudoedit support which allows users to securely edit files with the editor of their choice. As sudoedit is a built-in command, it must be specified in the sudoers file without a leading path. However, it may take command line arguments just as a normal command does. Wildcards used in sudoedit command line arguments are expected to be path names, so a forward slash (‘/’) will not be matched by a wildcard.

Unlike other sudo commands, the editor is run with the permissions of the invoking user and with the environment unmodified. More information may be found in the description of the -e option in sudo(8).

For example, to allow user operator to edit the “message of the day” file:

    operator sudoedit /etc/motd

The operator user then runs sudoedit as follows:

    $ sudoedit /etc/motd

The editor will run as the operator user, not root, on a temporary copy of /etc/motd. After the file has been edited, /etc/motd will be updated with the contents of the temporary copy.

Users should never be granted sudoedit permission to edit a file that resides in a directory the user has write access to, either directly or via a wildcard. If the user has write access to the directory it is possible to replace the legitimate file with a link to another file, allowing the editing of arbitrary files. To prevent this, starting with version 1.8.16, symbolic links will not be followed in writable directories and sudoedit will refuse to edit a file located in a writable directory unless the sudoedit_checkdir option has been disabled or the invoking user is root. Additionally, in version 1.8.15 and higher, sudoedit will refuse to open a symbolic link unless either the sudoedit_follow option is enabled or the sudoedit command is prefixed with the FOLLOW tag in the sudoers file.

A very puzzled barbarian

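Added example, not part of the thread or of the sudo documentation: a POSIX shell script that sorts sudoers rules into "everything as root" grants (the " ALL=ALL " case mentioned earlier in the thread) versus scoped ones, and applies the writable-directory and symlink warning from the "Secure editing" text to a sudoedit target. The sample rules are constructed, the group name aurbuild is hypothetical, only the file's immediate parent directory is checked, and group write is flagged without resolving group membership.

```shell
#!/bin/sh
# Added example (not from the thread). Sample rules are constructed;
# the group "aurbuild" is hypothetical.
SAMPLE_RULES='%wheel ALL=(ALL) ALL
%aurbuild ALL=(root) /usr/bin/pacman
operator ALL = sudoedit /etc/motd
steve ALL=(ALL) NOPASSWD: ALL'

# classify_rule RULE
# Prints "full-root" if the command list is the bare keyword ALL,
# "sudoedit" for a sudoedit grant, "scoped" for anything else.
classify_rule() (
    cmds=${1#*=}    # text after the host list
    # Drop a leading runas spec "(...)", then tags such as NOPASSWD:,
    # then surrounding whitespace.
    cmds=$(printf '%s\n' "$cmds" | sed -E \
        -e 's/^[[:space:]]*\([^)]*\)//' \
        -e 's/[A-Z_]+:[[:space:]]*//g' \
        -e 's/^[[:space:]]+//' -e 's/[[:space:]]+$//')
    case $cmds in
        ALL)          echo full-root ;;
        sudoedit\ *)  echo sudoedit ;;
        *)            echo scoped ;;
    esac
)

# dir_writable_by USER DIR
# True if DIR is owned by USER with owner write, or is group- or
# world-writable. USER may be a name or a numeric uid.
dir_writable_by() (
    hit=$(find "$2" -maxdepth 0 \
        \( \( -user "$1" -perm -0200 \) -o -perm -0020 -o -perm -0002 \) \
        2>/dev/null)
    [ -n "$hit" ]
)

# sudoedit_target_risk USER PATH
# Prints "symlink", "writable-dir" or "ok" for a file named in a sudoedit rule.
sudoedit_target_risk() (
    if [ -L "$2" ]; then
        echo symlink
    elif dir_writable_by "$1" "$(dirname "$2")"; then
        echo writable-dir
    else
        echo ok
    fi
)

# audit_rules USER  (rules on stdin, one per line)
# Prints "<finding><TAB><rule>" for every rule.
audit_rules() {
    while IFS= read -r rule; do
        kind=$(classify_rule "$rule")
        if [ "$kind" = sudoedit ]; then
            path=${rule##* }    # last word of the rule is the target file
            kind="sudoedit:$(sudoedit_target_risk "$1" "$path")"
        fi
        printf '%s\t%s\n' "$kind" "$rule"
    done
}

# Example: printf '%s\n' "$SAMPLE_RULES" | audit_rules "$(id -un)"
```

"scoped" describes the rule's syntax only: a rule that allows a package manager such as pacman still lets its holder install software as root, so it should be reviewed as a root-equivalent grant.
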
V.T. Eric Layton Posted June 27, 2017

Back in my Ubuntu days, I ran su. I also set up Arch to use su primarily when I was running that OS, but I don't remember exactly how I did that... it was a long time ago.

saturnian Posted June 27, 2017

> Ok so I have done some more reading and have a question. On Arch is it possible to just allow "me + root" to use pacaur with sudo. That is take "me" out of the wheel group, create a group that only allows pacaur. Or could I take "me" out of the wheel group and just use " sudo -c or sudo -i or sudo - " ?

I wish I knew enough to be able to give you good answers. I use yaourt here instead of pacaur. And I don't use AUR all that much, just a few apps from there -- I try to keep it at a minimum. On my Arch system, yaourt uses sudo, when necessary. I dug through my notes and looked at man pages to see if I could point you in the right direction, but I gave up after a while. Anyway, why not keep using pacaur as you're doing right now?

By the way, I finally got around to installing Debian Stretch on my "main" computer, with KDE and Openbox. Did a netinstall. I thought it was interesting that sudo was included by default, but it wasn't set up yet. I mean, steve (me) wasn't in group=sudo, so all I did was run the following:

    # adduser steve sudo

That did the trick, and now I'm having no problem using sudo in this installation. I also thought it was interesting that nano was already installed, and that visudo used nano by default. Which is nice for me because I'm not so good at using vi. In Arch, I had to set visudo to use nano.

abarbarian Posted June 27, 2017

Thanks saturnian. I will keep on using pacaur for now. I also do not have a great deal of AUR packages but some are essential for me. I am really trying to gain a better understanding of su and sudo which I am slowly beginning to understand.

I think the commands for vi are mostly the same for vim. As with nano you really only need the most basic commands like so,

Vim, there are three commands useful to remember.

    :q  - just quit/close
    :q! - quit ignoring changes
    :wq - write changes and quit

Sounds like you guys are having a lot of fun with Stretch from all the posts here. Enjoy

Hedon James Posted June 27, 2017

> Myeh... sudo is just virtual su. I don't do virtual.

And yet, here you are...an esteemed virtual friend in our virtual computer club?!

V.T. Eric Layton Posted June 27, 2017

Well, it's possible our entire known Universe is just a SIM game on some pimply-faced reptilian kid's quantum computer.

Hedon James Posted June 27, 2017

> Well, it's possible our entire known Universe is just a SIM game on some pimply-faced reptilian kid's quantum computer.

welcome to the matrix. red, or blue?

V.T. Eric Layton Posted June 27, 2017

Blue for me, please.

securitybreach Posted June 27, 2017

> Wish I had known about those commands years ago. Funnily enough I have never seen them in any of the loads of articles and guides I have read.

That's how it goes.

> I haven't sudo'd since I was last in Debian or Ubuntu. In Slack, it's su all the time.

Well you could install it if you wanted to. I actually use both, depending on what I am doing.

securitybreach Posted June 27, 2017

> I really like sudo -i since that "sort of" lets you log in as root. If you plan to do a bunch of sudo commands you won't have to type "sudo" before each one. Then you just exit and you are back to a user shell.

I didn't know about that one as I usually use sudo su for that. Thanks

securitybreach Posted June 27, 2017

> Myeh... sudo is just virtual su. I don't do virtual.

Actually it's more secure because:

"This is a key difference between su and sudo. Su switches you to the root user account and requires the root account's password. Sudo runs a single command with root privileges – it doesn't switch to the root user or require a separate root user password."
https://www.howtogee...etween-sudo-su/

That is why I mentioned that I use both of them. You can have it ask for the root password for some things whereas others will ask for the sudo password which is the user's password.

securitybreach Posted June 27, 2017

> Secure editing
>
> The sudoers plugin includes sudoedit support which allows users to securely edit files with the editor of their choice. As sudoedit is a built-in command, it must be specified in the sudoers file without a leading path. However, it may take command line arguments just as a normal command does. Wildcards used in sudoedit command line arguments are expected to be path names, so a forward slash (‘/’) will not be matched by a wildcard.
>
> Unlike other sudo commands, the editor is run with the permissions of the invoking user and with the environment unmodified. More information may be found in the description of the -e option in sudo(8).
>
> For example, to allow user operator to edit the “message of the day” file:
>
>     operator sudoedit /etc/motd
>
> The operator user then runs sudoedit as follows:
>
>     $ sudoedit /etc/motd
>
> The editor will run as the operator user, not root, on a temporary copy of /etc/motd. After the file has been edited, /etc/motd will be updated with the contents of the temporary copy.
>
> Users should never be granted sudoedit permission to edit a file that resides in a directory the user has write access to, either directly or via a wildcard. If the user has write access to the directory it is possible to replace the legitimate file with a link to another file, allowing the editing of arbitrary files. To prevent this, starting with version 1.8.16, symbolic links will not be followed in writable directories and sudoedit will refuse to edit a file located in a writable directory unless the sudoedit_checkdir option has been disabled or the invoking user is root. Additionally, in version 1.8.15 and higher, sudoedit will refuse to open a symbolic link unless either the sudoedit_follow option is enabled or the sudoedit command is prefixed with the FOLLOW tag in the sudoers file.
>
> A very puzzled barbarian

That seems very over complicated. I have never read anything about that.

I just run EDITOR=vim visudo as root which opens up the sudoers file with vim. You could easily just run EDITOR=nano visudo as shown on the wiki. I will read up on the other and tell you what I think.

securitybreach Posted June 27, 2017

> # adduser steve sudo
>
> That did the trick, and now I'm having no problem using sudo in this installation. I also thought it was interesting that nano was already installed, and that visudo used nano by default. Which is nice for me because I'm not so good at using vi. In Arch, I had to set visudo to use nano.

I have never heard of using the sudo group, I didn't even know it existed. Normally, the wheel group takes care of all that:

"The wheel group is a special user group used on some Unix systems to control access to the sudo command, which allows a user to masquerade as another user (usually the super user)."
https://en.wikipedia...heel_(Unix_term)

securitybreach Posted June 27, 2017

> Well, it's possible our entire known Universe is just a SIM game on some pimply-faced reptilian kid's quantum computer.

Actually there are a lot of smart people who think the same so who knows:

http://www.youtube.com/watch?v=wgSZA3NPpBs

saturnian Posted June 27, 2017

> I have never heard of using the sudo group, I didn't even know it existed. Normally, the wheel group takes care of all that:
>
> "The wheel group is a special user group used on some Unix systems to control access to the sudo command, which allows a user to masquerade as another user (usually the super user)."
> https://en.wikipedia...heel_(Unix_term)

I don't know. I got it straight from the Debian wiki -- from the "Verifying sudo membership" section, here: https://wiki.debian.org/sudo

abarbarian Posted June 28, 2017

> > I have never heard of using the sudo group, I didn't even know it existed. Normally, the wheel group takes care of all that:
> >
> > "The wheel group is a special user group used on some Unix systems to control access to the sudo command, which allows a user to masquerade as another user (usually the super user)."
> > https://en.wikipedia...heel_(Unix_term)
>
> I don't know. I got it straight from the Debian wiki -- from the "Verifying sudo membership" section, here: https://wiki.debian.org/sudo

Arch has its own little peculiarities.

abarbarian Posted June 28, 2017

> > Secure editing
> >
> > The sudoers plugin includes sudoedit support which allows users to securely edit files with the editor of their choice. As sudoedit is a built-in command, it must be specified in the sudoers file without a leading path. However, it may take command line arguments just as a normal command does. Wildcards used in sudoedit command line arguments are expected to be path names, so a forward slash (‘/’) will not be matched by a wildcard.
> >
> > Unlike other sudo commands, the editor is run with the permissions of the invoking user and with the environment unmodified. More information may be found in the description of the -e option in sudo(8).
> >
> > For example, to allow user operator to edit the “message of the day” file:
> >
> >     operator sudoedit /etc/motd
> >
> > The operator user then runs sudoedit as follows:
> >
> >     $ sudoedit /etc/motd
> >
> > The editor will run as the operator user, not root, on a temporary copy of /etc/motd. After the file has been edited, /etc/motd will be updated with the contents of the temporary copy.
> >
> > Users should never be granted sudoedit permission to edit a file that resides in a directory the user has write access to, either directly or via a wildcard. If the user has write access to the directory it is possible to replace the legitimate file with a link to another file, allowing the editing of arbitrary files. To prevent this, starting with version 1.8.16, symbolic links will not be followed in writable directories and sudoedit will refuse to edit a file located in a writable directory unless the sudoedit_checkdir option has been disabled or the invoking user is root. Additionally, in version 1.8.15 and higher, sudoedit will refuse to open a symbolic link unless either the sudoedit_follow option is enabled or the sudoedit command is prefixed with the FOLLOW tag in the sudoers file.
> >
> > A very puzzled barbarian
>
> That seems very over complicated. I have never read anything about that.
>
> I just run EDITOR=vim visudo as root which opens up the sudoers file with vim. You could easily just run EDITOR=nano visudo as shown on the wiki. I will read up on the other and tell you what I think.

I think you read this too fast as it is not talking about which editor to use for altering the sudoers file. Using sudoedit as a normal user allows that user to write/make/alter files that are root access only.

This for example does not allow you to alter fstab,

    $ nano /etc/fstab
    bash: $: command not found

whereas

    $ sudoedit /etc/fstab

I have tested it and it works as advertised. This will save me a lot of typing as I will not need to su to root and then open an editor and then su back to my normal user.

Amazing what you can learn if only you RTFM mind you understanding the man pages can be a tad difficult for me :'(

Edited June 28, 2017 by abarbarian

securitybreach Posted June 28, 2017

Ah ok, neat

abarbarian Posted June 28, 2017

> Well, it's possible our entire known Universe is just a SIM game on some pimply-faced reptilian kid's quantum computer.

There must be something to the theory as the beeb have made a series around the subject,

"Planet B is a science fiction drama series first broadcast on BBC Radio 7 on 2 March 2009 as part of BBC Radio's science fiction season between February and March 2009.[1] Planet B is set in a virtual world called "Planet B" in which people play as life-size avatars. The first series follows John Armstrong who attempts to find girlfriend Lioba Fielding who is dead in the real world but alive in Planet B. As he travels between various worlds he becomes entangled in an array of strange scenarios, teleporting from each adventure to the next with his companion Medley, a "rogue avatar" who has no human controller. All the while, John and Medley are being watched by a dog-like antivirus programme called Cerberus who, along with the Planet B Corporation, considers the rogues to be a computer virus that need to be wiped out. In the second series, Lioba is on the run from Planet B and travels the virtual world with computer games expert Kip Berenger after they are attacked by Cerberus.

The series was created by Sam Hoyle, Jessica Dromgoole and Matthew Broughton with James Robinson. The first series ran for ten episodes and was BBC Radio 7's biggest ever commission for an original drama series.[2] A second series of five episodes was broadcast from 29 November 2009 to 27 December.[3] A third series started on 30 January 2011.[4]"

As all drama has some element of real life in it there may be some truth in the concept. Also apparently folk are spreading the news via usb sticks as entertainment. Be warned do press play if finding such material as you will lose hours of your real life if not life itself.
