How sudo command works?

[manjibu]

I just installed linux mint debian. When I run sudo command, it asked my current password, I thought it should ask root password instead. For example, I want to restart postgresql service:

Code: Select all

sudo service postgresql restart

Then it asked my current user's password instead of root's password. Why is it like that? In my experience in other distro, it's not like that.

Btw, I apologize if my question is too n00b.


Thx & Regards,
manjibu

[lime795]

Sudo works like the admin account in most windows versions but different. It gives you higher access then being a regular user like windows, hence asking for your user password. but sudo always uses the user password because sudo itself doesnt have its own password.

Hope this helps.

[manjibu]

Isn't it unsafe to ask for same user password? I'm not techies, but I just think like this: if a hacker managed to know a user password, that means he can perform root level activity with sudo. But if sudo needs root password, as long the hacker doesn't know root password, the system will be much safer.

[eanfrid]

sudo is designed to offer various spans of user privileges. A sudo user may have limited access to some list of commands or machines or whatever. It is much more smarter than granting full root access when it is not really needed. However, yes, if your sudo-user account is granted ALL access, then you indeed own an alternate root account when you use sudo. But the rest of the time, your account is nothing more than a common user account. Compared to true root access, it is slightly different since your hacker would have to guess what is your user account - instead of simply trying "root" (security by obscurity) - and would have to use the sudo command to enable these privileges.

I think your fear resides in your own password strength and how you protect use of this password. Trying to crack any user password don't make a difference between either a root account or a user account. Then

if a hacker managed to know a user password

is not relevant. Cracked, given or stolen don't make a difference for this matter.

[manjibu]

When first time installing linux mint, I don't remember it ever asked me to set password for root. So, when I run su command like this: su -c "service postgresql restart", the system only asked my current user password. So, could that mean root doesn't has password at all? or root's password was set as same as my current user's password? If bad hacker know my user name and password, that would be pretty screwed up, isn't it?

[eanfrid]

The root account is disabled. I thought that I made it clear

If bad hacker know my user name and password

is no easier job than knowing root password unless you typed a weak user password and/or gave it to anyone but you. BTW I use a very strong user password (even stronger than root password if I would have to temporarily enable root account for some obscure reason) and use sudo everyday.

[xenopeek]

The root account is not disabled, and IIRC its password is set to the initial password of the user created during installation of Linux Mint. You can try by pressing Ctrl+Alt+F1 to go to the virtual console, and logging in there with username "root" and that password. (You can return to the graphical desktop with Ctrl+Alt+F7, sometimes Ctrl+Alt+F8.)

sudo requires your password, but you can change the sudo configuration if you want so it requires the root password. As shared, this is not in any way more or less secure. If somebody manages to get remote access to your machine, you're already in trouble.

If you want to disregard all that has been said, and want to change sudo so it requires the root password, proceed as follows. Open a terminal and run the following command, providing your password when asked:

Code: Select all

sudo visudo

Then beneath the other Defaults line add:

Code: Select all

Defaults rootpw

Save & close the file and henceforth sudo will require the root password instead of your own. Don't forget your root password...

[eanfrid]

Oops ! So I disabled the root account Hence you also have the choice between entering a harder (or at least different) user password than root password or completely disabling the root account.

[elemenophee]

If I'm not mistaken, installation asks you for both root and user password.

Maybe I'm wrong... I've installed many systems these last days.

Sent through Tapatalk

[xenopeek]

If I'm not mistaken, installation asks you for both root and user password.

It doesn't.

[DrHu]

If the application you are using is entirely local to your account and no-one else is logging into the system, then security of the admin user may not be much of an issue; however if there is more than one user and you are the admin (first user created with the install), then a strong password/passphrase is a good idea

For sudo and other applications, such as your DB, being concerned or at least checking the issues in security of the same is also a good idea

sudo..
https://en.wikipedia.org/wiki/Sudo

https://en.wikipedia.org/wiki/Compariso ... n_features

• Impact
  In some cases sudo has completely supplanted the superuser login for administrative tasks, most notably in Linux distributions, such as Fedora and Ubuntu, as well as Apple's Mac OS X.[10][11]