On Monday 31 August 2020 06:44:06 E. Liddell wrote: > On Sun, 30 Aug 2020 15:46:58 -0700 > > "William Morder via trinity-users" <trinity-users@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote: > > On Sunday 30 August 2020 11:19:03 Slávek Banko wrote: > > > On Saturday 29 of August 2020 13:11:01 William Morder via trinity-users > > > > Sorry to take so long to respond. I was AFK and lost in the physical > > world, and dealing with the problems of living in meatspace. > > > > > wrote: > > > > Okay, so I solved part of the sudoers list / root password problem. > > > > Turns out that I had not downloaded quite all the sudo packages, > > > > particularly some of the tde-trinity packages, or kde-trinity > > > > transition packages, or something in that lot. > > > > > > If you do not set a root password and use sudo, then the > > > tdesudo-trinity package is appropriate to ensure that all tdesu calls > > > are actually tdesudo => instead of su and root passwords will use sudo > > > and the user's password. > > > > The mysterious E (for Enigmatic) raised the issue of su against sudo; and > > I've also heard Nik mention that su is better for the single home user, > > which is myself. Until now, sudo + tdesudo has always done the trick for > > me, but if it is less secure, and my system will work, then at least I > > ought to make myself aware of the distinctions. I've tried out su, but so > > far I don't see any benefit, and only hear about the perils of sudo. > > > > It is possible that I can change my habits, so I will look into su. But > > if anybody can explain why su or why *not* sudo, I would be grateful, as > > the technical descriptions I can find online, or in my Linux guides, do > > not guide me toward any decisive points, and I see no reason to change > > what works. However, I will suppose that E knows something that I don't > > on this point, so I am considering how to implement such a change in my > > working habits. > > It isn't really all that complex. There are two reasons (well, three, > really, but the third is distro-specific) why none of my systems have sudo > installed: > > First of all, su is the older default piece of software that is installed > on every Linux system. sudo is an add-on. Every extra piece of software > you have installed increases the complexity of your system and the number > of bugs you have sloshing around. I quite agree with your philosophy here. This is why I went back to an init system in Devuan, rather than trying to make Debian work. And also, Debian has been involved an a series of scandals and misadventures, so to speak, which have caused me to lose some confidence. In my view, Devuan is now more Debian than Debian itself. > All other things being equal, not > installing software you don't need reduces your system's attack surface. > (You'll run into a lot of Gentoo users who think this is important.) > Having fewer layers in the way can also make problems easier to > troubleshoot. > > Secondly, most mainstream distros configure sudo to use user passwords, and > *don't* place any other restrictions on what user accounts can do through > sudo. This means that an attacker only has to break one password—the one > on your user account—to obtain full root access. On an su-only system, the > attacker has to break *two* passwords—your user's, and root's. It isn't a > *lot* of added security, but every little bit helps. > I need to make yet one more reinstallation of my system (because I am upgrading some internal hard drives, and moving the older ones into backup status. When I do this, I will attempt to set a root password, and see how this works out. Whenever I do this, though, I end up being told that I don't have permission, that my root password is "wrong" even though I know it's right, and so on. In my experience, setting a root password only means getting locked out of my own system. It could be that I'm doing it wrong. :-/ > It's the usual security vs. inconvenience tradeoff, and in this case, I > admit the stakes are pretty small. My distro puts its thumb on the scales > by requiring me to install sudo explicitly rather than having it present by > default—less work to leave it off if there's no compelling argument for > having it. > > I admit that I usually leave a Konsole window that's su'ed to root lying > around permanently, rather than su'ing every time I need to enter a > command, but no one else with physical access to my computers has any idea > of how to use a Linux system, so I'm not very worried. Your situation may > be different there. > In my situation, I only *wish* that there were somebody here who has the slightest clue about Linux; or somebody who actually read books. I consider myself fortunate that there is at least another musician for conversation, otherwise I should die of neglect. It is not other people who are here that concern me, but rather just the creeping atmosphere of surveillance and paranoia everywhere in general. Some years ago (when I was living in a place where it was illegal to seek invention in a "noted weed"), an old friend of mine used to say, more or less on a daily basis, that it was always good to be "ready for Freddy" ... although I never did encounter this character. Still, you know the Man is coming to get you, sooner or later. Call it Big Brother, bad actors, corporate surveillance, or whatever you like. You are guilty of thought crimes. Confess! And you know that it's true, too. Therefore, it's good to keep a secure system. Bill > E. Liddell > --------------------------------------------------------------------- To unsubscribe, e-mail: trinity-users-unsubscribe@xxxxxxxxxxxxxxxxxxxxxxxxxx For additional commands, e-mail: trinity-users-help@xxxxxxxxxxxxxxxxxxxxxxxxxx Read list messages on the web archive: http://trinity-users.pearsoncomputing.net/ Please remember not to top-post: http://trinity.pearsoncomputing.net/mailing_lists/#top-posting
