I've lost sudo access and I don't really understand why
Tom H
tomh0665 at gmail.com
Thu Mar 19 13:23:34 UTC 2020
On Thu, Mar 19, 2020 at 6:36 AM Ralf Mardorf via ubuntu-users <ubuntu-users at lists.ubuntu.com> wrote:
> On Thu, 19 Mar 2020 15:29:40 +1100, Karl Auer wrote:
>> That said, it's important that you keep opinion and fact distinct,
>> otherwise less-experienced people on this list might mistake your
>> opinions for fact.
>>
>> Using sudo with a disabled root account is IMHO good security
>> practice. It is wrong of you to present your differing opinion as
>> fact.
>
> An install with or without an enabled root account suffers from the
> same security risks regarding compromise of an account by hackers.

If root is enabled, a hacker only needs to get its password.
If root is disabled, a hacker needs to get a username and a password.

> The original reason for disabling the root account was to provide
> better security for those who came from another operating system, not
> understanding the root account, and thus might make mistakes, e.g.
> starting a graphical session as root or keeping a root terminal open.

OS X was the first OS to default to a disabled root. By the time that
it was released in March 2001, you couldn't enable root and log in to
the GUI as root. But you could do so before OS X 10.0 was released, in
OS X Server 1.0, released in March 99 and in OS X public beta,
released in September 2000.

When Ubuntu 4.10 was released, you couldn't enable root and log in to
the GUI as root without changing some settings.

In both cases, disabling root was a simple security measure,
independent of the potential newness of the users.

Solaris has a different way of securing root. In Solaris 10 (released in
January 2005), you could turn root into a role (meaning that certain
users can su to root but root can only log in directly in single-user
mode). In Solaris 11 (released in November 2011), root is a role by
default.

The desktop install of Debian gives the option of a disabled root user.
The desktop install of Fedora defaults to a disabled root user.
(I've forgotten when the latter two features came into effect.)

You can choose to resist this evolution, but, whether you access root
via su, sudo, pkexec, etc., with or without a password, best practice is
undeniably that logging on directly as root should be verboten. One
exception might be, for example, to allow ssh'ing with public key
authentication.