trinity-users@lists.pearsoncomputing.net

Message: previous - next
Month: August 2020

Re: [trinity-users] Beowulf/Buster upgrade - password problems - firewall - the saga resumes

From: "William Morder via trinity-users" <trinity-users@...>
Date: Mon, 31 Aug 2020 12:54:38 -0700

On Monday 31 August 2020 09:48:09 Michael wrote:
> On Monday 31 August 2020 08:44:06 am E. Liddell wrote:
> > I admit that I usually leave a Konsole window that's su'ed to root lying
> > around permanently
>
> For what it's worth, I also always have a root Konsole shell (tab) open at
> all times.  'New Root Shell' gives you (me) black text on white background
> instead of the user shell of white text on black background, so it's
> somewhat hard to type into the wrong shell...
>

I believe many of us (if not most) are guilty of this kind of cheat. Like 
everybody else, we want convenience, and it takes time to type in those 
commands, which aren't in ordinary language so they don't come naturally. And 
if the user is a 2-finger typist, then it takes even longer. (Fortunately, 
this is not the malady that afflicts me, but I have friends who are of this 
ilk.) 

So as I said earlier, my more secure workaround is to keep a list of oft-used 
commands (I won't say where), ready to hand. When I boot up, I have a window 
with a number of terminals that load with other programs. Then I make the 
first several tabs of terminal root: sudo su or su, as you prefer, and enter 
my user password (to become root). Once these are all root@hostname, I enter 
exit (so that I still have root privileges for 15 minutes), then I enter 
whatever sudo commands I need at startup. Then, if you are among the 
uber-paranoid, sudo pkill su | sudo pkill sudo, and you are back to your 
normal environment. 

Now when you want to run a sudo command, instead of leaving that root shell 
open, just hit your UP arrow key, there it is, sudo su, enter your password 
and your in. Whatever you want to kill right away, or whatever it was that 
gets your attention (which is the REASON that you would leave a root shell 
open, right?) you can sudo pkill with one of those ready commands from the 
list, then exit and sudo pkill su | pkill sudo. 

There may be a better way, but this is how I try to keep my system secure, and 
still have the convenience. I just make it a habit, and it becomes part of my 
startup routine; I do it in the time that it takes my coffee to brew. 

Bill

powered by ezmlm-www (v1.4.5)