Post Install Recommendations

[Arthur Archnix]

I've been giving Fedora 8 a spin for a week now, and I like it enough to make it a permanent addition to the hard-drive. I'm going to do a clean reinstall, but I was wondering a few things:

1. I went to a lot of bother trying to get sudo working to try and make Fedora mimic Ubuntu behaviour, but I didn't see a lot of people doing the same. Do you guys use su - when necessary and leave sudo alone? I'm guessing that because Fedora doesn't configure this on install, using sudo isn't the Fedora way to do things.

2. I came across a link on these forums that took me to a page that I (later on) found was giving unsupported advice. What are your favorite resources that helped you get to know the OS a little better? I'm new to Fedora but have used Ubuntu for a while.

Many thanks,

[pete_1967]

Never used Ubuntu but I assume that it is set to use sudo with full root privileges and no password essentially giving anyone accessing computer full root access - same as if you always logged in as root - not a good idea. Of course, if sudo privileges are restricted, previous doesn't apply.

You can add yourself to sudoers file and grant all root privileges for user if you want to, but sudo is really meant to give restricted root privileges for a user (e.g. allow users to restart httpd server or perform file copying to html directories etc).

There's somewhere sticky on these forums for resources, Fedora Faq is one useful community site I guess.

[PabloTwo]

Here's a link to show you how to setup sudoers, and much more, easily.

http://www.mjmwired.net/resources/mjm-fedora-f8.html

Paul

[Arthur Archnix]

Well, the first user during the install is automatically added to the sudoers file, and then whenever they attempt to do something that requires elevated priveleges they have to enter their user password. The root account is disabled. This setup is probably best for me, since I'm not concerned about anyone with physical access, the only danger to my system is from the web. My question though, is whether you (anyone else who cares to respond) use sudo. My sense is that sudo is not widely used, so I should set a pretty good root password.

[ordinary]

Arthur,
Do things the way you want. The fact seems to be that FC users do not prefer sudo, but use su instead. If you are more comfortable using sudo, by all means use it. Or don't. It really is up to you.

My main box is FC7, and I also have 2 Debian slug servers, and a CentOS box. On none of these do I use sudo. My Ubuntu box is an ancient machine used mainly for demonstrating stuff to converts from winders. Sudo there causes me no hardship or inconvenience at all.

Enjoy yourself!

[PabloTwo]

Quote:

My question though, is whether you (anyone else who cares to respond) use sudo.

Yes. I use sudo. I almost never log in as root. It's a matter of personal preference and also what type of system you're running (single user personal computer or shared by others) as to whether you want to use sudo at all or, if you do, how much privilege you care to give yourself. Like you, I am the sole user on my machine and give myself full [ALL] root privilege with no password requirement.

Some would feel that is an 'unsafe' environment to work in. Perhaps for some, it is. But for me, the mere fact that I type sudo as the first command in a command line is enough of a reminder to myself to be very thoughtful as to what I type next. From my time spent here on this forum, I get the feeling that there are a lot of fedora users who use sudo over su.

Paul

[pete_1967]

What you are missing is that if they crack your user account on Ubuntu, they have immediately full control over your system instead of having to try cracking root password as well, and usually it's easier to crack user account first.

I only use sudo on servers but quite few in these forums do use it at home as well (do search for "sudo" to find some of them).

[FriedChips]

I use sudo more often than not. Setting up sudoers is rather simple depending on how you go about it. I just do:

Code:

su
visudo

and remove the # at the beginning of the line that looks something like

Code:

%wheel   ALL:ALL  NOPASSWD:ALL

if you read through it kinda explains what each line will do... after that just add whoever should have access to sudo to the wheel group with.

Code:

system-config-users

after that the only other thing that kinda screws you up is that you don't have a full root path. This can be fixed by modifying your bash profile but it doesn't usually bother me too much. If I have a lot to do as root or I am doing kernel module compiling or something of that nature that requires a full root path I use

Code:

su -

[ordinary]

Quote:

Originally Posted by pete_1967

What you are missing is that if they crack your user account on Ubuntu, they have immediately full control over your system instead of having to try cracking root password as well, and usually it's easier to crack user account first.

What am I missing? How is it easier to crack a user password than a root password, given only that both are well constructed passwords?

[tw2113]

I use sudo all the time if I don't have much to do. If I have a lot to do requiring root privileges, I'll log in through a terminal to root and save myself some repeated typing.

in regards to the 2 passwords, I think what he meant to say is that having 2 accounts, 1 user, 1 root, is an extra level of security, instead of having just 1 password for a setup that would get you full computer control

[tw2113]

btw, I recommend this site to getting some post-install stuff accomplished

http://www.fedorasolved.org

[Arthur Archnix]

Well, thanks for the replies. Something for me to think about then. As for the cracking, the thinking goes (on the Ubuntu side, as far as I understand it) that give equally difficult passwords its harder to crack a user accout, since you'd need both the username and password, while for root you already have the account name. And if you're trying to do this remotely you will be wasting your time on the root account since it's disabled.

The real drawback is for anyone who has physical access to the computer, since you simply reboot in single user mode, and activate the root account, and bob's your all powerful uncle. As far as I understand, that can't be done with the root account enabled. But really, if you're not using disk encryption who cares about hacking your account? Just remove the drive, mount it elsewhere, explore to your hearts content.