securitybreach Posted February 25, 2021 Share Posted February 25, 2021 I just ran across this neat tip that shows password feedback when you are typing your password with sudo. Here is an example of what I am talking about: All you have to do is add this to your /etc/sudeors Defaults pwfeedback After you hit enter and become root, the dots disappear. 4 Quote Link to comment Share on other sites More sharing options...
sunrat Posted February 26, 2021 Share Posted February 26, 2021 Doesn't work. I don't see your password. I have a super secure 4 character password so don't need to see it as it's easy to remember. 1 Quote Link to comment Share on other sites More sharing options...
saturnian Posted February 26, 2021 Share Posted February 26, 2021 (edited) On 2/25/2021 at 10:17 PM, sunrat said: Doesn't work. I don't see your password. LOL! I tested it here. Should there be a reminder for people to use visudo to edit the /etc/sudoers file? Edited March 11, 2021 by saturnian typo Quote Link to comment Share on other sites More sharing options...
securitybreach Posted February 26, 2021 Author Share Posted February 26, 2021 5 hours ago, saturnian said: LOL! I tested it here. Should there be a reminder for people to use visudo to edit the /etc/soudoers file? You know, I have heard many times but can't remember the reason why. I can easily just sudo vim /etc/sudoers. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted February 26, 2021 Author Share Posted February 26, 2021 Visudo checks the syntax before overwriting the file. So if you know the syntax, there isnt really a need to do it that way. Quote visudo checks the file syntax before actually overwriting the sudoers file. If you use a plain editor, mess up the syntax, and save... sudo will (probably) stop working, and, since /etc/sudoers is only modifiable by root, you're stuck (unless you have another way of gaining root). Additionally it ensures that the edits will be one atomic operation. This locking is important if you need to ensure nobody else can mess up your carefully considered config changes. For editing other files as root besides /etc/sudoers there is the sudoedit command which also guard against such editing conflicts. https://unix.stackexchange.com/questions/27594/why-do-we-need-to-use-visudo-instead-of-directly-modifying-the-sudoers-file#27595 Quote Link to comment Share on other sites More sharing options...
securitybreach Posted February 26, 2021 Author Share Posted February 26, 2021 That and I can always get back into an installation using a liveusb and chroot Quote Link to comment Share on other sites More sharing options...
securitybreach Posted February 26, 2021 Author Share Posted February 26, 2021 7 hours ago, sunrat said: Doesn't work. I don't see your password. I have a super secure 4 character password so don't need to see it as it's easy to remember. 4? I use a minimum of 16 characters for my user accounts. I used to then use a yubikey (in conjunction with PAM) to enable 2FA for my login. I still use the yubikeys, just not for my computer login. https://wiki.archlinux.org/index.php/YubiKey Quote Link to comment Share on other sites More sharing options...
saturnian Posted February 26, 2021 Share Posted February 26, 2021 securitybreach, I'm thinking that the piece you quoted (about visudo) should be enough to let anyone reading this thread know that it's important to be careful when editing that file. Myself, I use visudo anyway. Even though I never make mistakes. Ha-ha. By the way, until this came up, I had forgetten that I'd changed the text editor visudo uses on this system to nano. 1 Quote Link to comment Share on other sites More sharing options...
sunrat Posted February 26, 2021 Share Posted February 26, 2021 10 hours ago, securitybreach said: 4? I use a minimum of 16 characters for my user accounts. I use much stronger passwords for banking and stuff like that, and there is no trace of them on my computer. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted February 27, 2021 Author Share Posted February 27, 2021 1 hour ago, sunrat said: I use much stronger passwords for banking and stuff like that, and there is no trace of them on my computer. Those are generated using an opensource password manager that I unlock with my yubikey. Quote Link to comment Share on other sites More sharing options...
sunrat Posted February 27, 2021 Share Posted February 27, 2021 I just remember mine. 1 1 Quote Link to comment Share on other sites More sharing options...
securitybreach Posted February 27, 2021 Author Share Posted February 27, 2021 Diceware Quote Link to comment Share on other sites More sharing options...
saturnian Posted February 28, 2021 Share Posted February 28, 2021 This also works for password feedback: Change: Defaults env_reset To: Defaults env_reset,pwfeedback https://www.howtogeek.com/194010/HOW-TO-MAKE-PASSWORD-ASTERISKS-VISIBLE-IN-THE-TERMINAL-WINDOW-IN-LINUX/ 1 Quote Link to comment Share on other sites More sharing options...
abarbarian Posted March 1, 2021 Share Posted March 1, 2021 On 2/27/2021 at 4:52 AM, securitybreach said: Diceware Ah ha a differ dice life to the one I was thinking of. Your post threw me back in time and brought up memories of this book I read in the 70's. The Dice Man (Paperback) Luke Rhinehart (author) The book itself was nothing really special but the concept of living life on the throw of a dice was cool man. So a group of us tried to live full time by rolling dice for a while. We were three couples and were living in a communal squat and every day when we woke up we had breakfast/brunch/lunch whatever along with a couple of spliffs. Then each of us wrote what we wanted to do next on a scrap of paper and then we rolled a dice to see who's choice we would follow.We kept to this regime for as far as I can remember for a couple of months. It was certainly a very strange way of living and we ended up having some very strange experiences. Ah those were the days , full of peace and love and pharmaceuticals. 1 Quote Link to comment Share on other sites More sharing options...
securitybreach Posted March 1, 2021 Author Share Posted March 1, 2021 Nice idea Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.