This is Gentoo's testing wiki. It is a non-operational environment and its textual content is outdated.
Please visit our production wiki at https://wiki.gentoo.org
Talk:Sudo
Bash completion command
Please explain why the user should run echo with escalated privileges. Smartass (talk) 05:37, 30 July 2013 (UTC)
- It's often a redirected command... they are like piped commands, i.e. command1 | command2: command 1 gets sudo, cmd 2 doesn't. It has sudo powers at echo but not at the >>, and the whole point of those is manipulating root file systems. Just try a few sudo echos, you'll be back. =D 666threesixes666 (talk) 03:12, 30 January 2014 (UTC)
- If you're talking about this instance https://wiki.gentoo.org/wiki/Sudo#Bash_Completion my counter question is: why do you need sudo completion on users without sudo? That one is not required, I'm kinda shocked it slipped into translated versions. 666threesixes666 (talk) 05:13, 30 January 2014 (UTC)
SUDO VOODOO
Some people disable root logins for security reasons. Root is a user everyone knows is on most Linux machines, and it's an easy target. Make sure you have a user with working sudo su before disabling root. I do this by making all wheel group users sudo nopasswd, then disable root, then attackers must guess the wheel user instead of having a static root target. The wheel user is the new access to root via sudo su. Why no passwd? I'm aware of key loggers, and the easiest way to steal someone's password is to key log it out of the computer, and reducing input of it reduces risk.
run this once
root # echo "%wheel ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
(replace this $USER with your actual user name)
root # gpasswd -a $USER wheel
disable root login
user $ sudo passwd -l root
to get to root
user $ sudo su
to re-enable root
user $ sudo passwd
I use a lock screen button & password secured screen savers & password logins for my security of immediate area. I'm going to get flash keys to test moving kernels onto, and see if I can figure out a system where it would require the flash key to unlock the computer. I'm not sure how I feel about biometrics yet. 666threesixes666 (talk) 05:13, 30 January 2014 (UTC)
- this or something similar in idea should probably be the default method. hardening by removing root. 666threesixes666 (talk) 04:47, 30 January 2014 (UTC)
- metadata is scaring me, idk what to do 666threesixes666 (talk) 03:12, 30 January 2014 (UTC)
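An added example, not part of the discussion above and not from the Gentoo wiki: a shell function that lists which principals in sudoers-format text hold a NOPASSWD grant, such as the %wheel line quoted in the thread, and whether the grant covers all commands. The names audit_nopasswd and sample_sudoers and the sample input are constructed for illustration; the function assumes one user specification per logical line with no tag change after NOPASSWD.

```sh
#!/bin/sh
# Added example: report passwordless sudo grants found in sudoers-format text.
# audit_nopasswd (hypothetical name) reads sudoers text on stdin and prints
# "<principal> ALL-COMMANDS" or "<principal> LIMITED" for each NOPASSWD rule.
audit_nopasswd() {
  awk '
    # Join backslash-continued lines into one logical line.
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
    { line = buf $0; buf = "" }
    # Skip blank lines and comments ("#" followed by a digit is a uid, not a comment).
    line ~ /^[ \t]*$/ { next }
    line ~ /^[ \t]*#/ && line !~ /^[ \t]*#[0-9]/ { next }
    # Skip Defaults and *_Alias definitions; only user specifications grant access.
    line ~ /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }
    line ~ /NOPASSWD[ \t]*:/ {
      split(line, f, /[ \t]+/)
      who = (f[1] == "") ? f[2] : f[1]
      # Keep only the command list after the tag, without a trailing comment.
      cmds = line
      sub(/.*NOPASSWD[ \t]*:[ \t]*/, "", cmds)
      sub(/[ \t]*#.*/, "", cmds)
      n = split(cmds, item, /,/)
      scope = "LIMITED"
      for (i = 1; i <= n; i++) {
        gsub(/^[ \t]+|[ \t]+$/, "", item[i])
        if (item[i] == "ALL") scope = "ALL-COMMANDS"
      }
      print who, scope
    }
  '
}

# Constructed sample input: a commented-out template line, a normal rule,
# the wheel rule from the thread, and a continued command-limited rule.
sample_sudoers() {
  cat <<'EOF'
# %wheel ALL=(ALL) NOPASSWD: ALL
Defaults env_reset
root ALL=(ALL) ALL
%wheel ALL=(ALL) NOPASSWD: ALL
deploy ALL=(root) NOPASSWD: /usr/bin/rsync, \
    /usr/bin/systemctl restart app
EOF
}

sample_sudoers | audit_nopasswd
```

On a real system the same function can be fed the live policy as root, for example `cat /etc/sudoers /etc/sudoers.d/* | audit_nopasswd`.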
respecting bash aliases
sudo neglects all bash aliases unless you set an alias for sudo that includes a space.
/etc/bash/bashrc
alias sudo='sudo '
666threesixes666 (talk) 04:12, 14 February 2014 (UTC)