Find the answer to your Linux question:
Results 1 to 3 of 3
From Linux From Scratch build a minimal system for running my application. but struck on disabling root permission. Need my minimal lfs as ubuntu. when ubuntu boots login-screen displays when ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    May 2013
    Posts
    1

    Disabling Root Permissions


    From Linux From Scratch build a minimal system for running my application. but struck on disabling root permission.

    Need my minimal lfs as ubuntu.

    when ubuntu boots login-screen displays when we enter username and password it will redirect to Desktop from ter when we open a terminal it will open as $--> non root-user from ter we access #--> root via sudo.

    Same as ubuntu when my lfs boots want to display my application [xinit-window launcher (same as login screen in ubuntu but, in my case with out asking user name and password)] and when i access terminal it should display as $--> non-root user then i want to use sudo to access root.

    Thanks

  2. #2
    Blackfooted Penguin daark.child's Avatar
    Join Date
    Apr 2006
    Location
    West Yorks
    Posts
    4,393
    Take a look at Make Sudo Work Like Ubuntu on Other Linux Systems for information on how to achieve what you have mentioned in your post above. Personally I don't see the difference between using sudo in the way Ubuntu configures it and using a proper root account. You can do the same amount of damage to a system.

  3. #3
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, or in a galaxy far, far away.
    Posts
    11,159
    Quote Originally Posted by daark.child View Post
    Take a look at Make Sudo Work Like Ubuntu on Other Linux Systems for information on how to achieve what you have mentioned in your post above. Personally I don't see the difference between using sudo in the way Ubuntu configures it and using a proper root account. You can do the same amount of damage to a system.
    With sudo, you can configure it to restrict what sudoers can do to the system. By restricting unlimited root login access to the system, you remove an entire class of exploits. In practice, however, that becomes problematic. If an exploiter can login to a sudoer user account, then they can have full access to the system, such as by executing the command "sudo su -" which gives one full root access...

    In the final analysis, you only allow root access from directly connected terminals or the system console (no remote root logins), and DO NOT give full sudo access to ANY user account! This is why I do not like how Ubuntu and clones behave...

    If you do need remote root access, then you create a user account accessible via ssh that requires a private key to connect (controlled by the account's ~/.ssh/authorized_keys file which contains the account's public key) - password optional. That is a LOT more difficult to compromise. Then, you allow ONLY that account full sudo access to root functions.

    My company has VERY stringent security requirements for our servers (thousands of them all over the world) because we host a lot of sensitive user data. This is how we provide secure root access for our distributed system management teams to the servers they are responsible for, which may be spread out all over the globe (console access effectively impossible).

    In addition, all root access is logged and forwarded to our security team to evaluate...
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •