Ask Your Question
0

how to convert debian root to sudo with security

asked 2016-08-29 06:50:57 -0600

dabeegmon gravatar image

updated 2016-08-29 06:51:30 -0600

Reading through the tutorials it is becoming clear that ros uses sudo rather than switching from user to root (and back) to setup, manipulate and use the various programs.

So I spent some time researching (read through a number of other forum site's pages), read the debian wiki page and read the man page for sudo.

There are examples in the sudo man page but not enough or I'm just not understanding how to setup debian to move from using exclusively root for system mods to keeping that capability but allowing a sudo user (specified) access to what is needed to setup run and manage ros and limit that sudo (user) access to just that.

Looking for this to keep security levels as high as possible so I don't want to have to run everything as root or even sudo.

Not sure this is clear nor if it makes sense but I really really want to keep the security that I can have using root to manage things and having the user being locked out of those functions. (IMO this is becoming even more important given the push toward IoT.)

edit retag flag offensive close merge delete

Comments

I'm not sure this question is really suitable for this site: in general we try to keep things really on-topic, and even though this question seems to have originated from an issue with how the ROS (installation) tutorials are set up, the question sudo vs su - root and security seems off-topic.

gvdhoorn gravatar imagegvdhoorn ( 2016-08-29 09:22:47 -0600 )edit

What kind of answers are you really looking for? Pointers to external sites that cover these things, personal experiences of other users or pointers to external sites that cover these things?

gvdhoorn gravatar imagegvdhoorn ( 2016-08-29 09:23:47 -0600 )edit

AS I can't find a cogent description of anything besides a 'change root to sudo' which seems to me to be a huge reduction in security, anything that outlines how to add sudo AND still have some security would be useful -- beggards can't be choosers.

dabeegmon gravatar imagedabeegmon ( 2016-08-29 11:31:17 -0600 )edit

I would disagree that security is off-topic. With the whole IoT hanging overhead I would think that it would be one of the major issues that should be included in all computer systems thinking.

dabeegmon gravatar imagedabeegmon ( 2016-08-29 11:33:06 -0600 )edit

I'm not trying to argue that "security is off-topic". The only thing I'm saying is that this seems more a Debian systems administration issue than something directly related to ROS. We make use of what the platforms provide, so we don't have to. Security of the middleware is something else.

gvdhoorn gravatar imagegvdhoorn ( 2016-08-29 14:42:58 -0600 )edit

AS I can't find a cogent description of anything besides a 'change root to sudo' [..]

Is there any ROS-related page that recommends this? If so, could you please point me to it?

gvdhoorn gravatar imagegvdhoorn ( 2016-08-29 14:44:46 -0600 )edit

Sure - - - look at the first page of instructions for installation.

What is the first word you see in the actual command?

'Sudo'

That is the method used when the use of root as a security measure has been deprecated and the command sudo is used instead. Until 1.5 second command that's what's used

dabeegmon gravatar imagedabeegmon ( 2016-08-29 17:54:48 -0600 )edit

I am asking for this information because to build something great you need a very solid foundation. I'm not convinced at this point that using sudo to obviate the use of root is the highest level of security that can be created.

dabeegmon gravatar imagedabeegmon ( 2016-08-29 17:59:11 -0600 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2016-08-31 11:22:59 -0600

ahendrix gravatar image

Installing sudo doesn't remove your ability to use the root account.

This is not the appropriate forum for discussing the security implications of using the root account vs using sudo.

If you just want to get through the install instructions for debian, you can do two things:

  • Log in as root and run any commands that use sudo without the sudo prefix.
  • Set up sudo and follow the debian installation instructions exactly as written
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2016-08-29 06:50:57 -0600

Seen: 114 times

Last updated: Aug 31 '16