\documentclass{ictlab} \RCS $Revision: 1.6 $ \usepackage{alltt,key} %\usepackage{floatfig} \usepackage{wrapfig} %\usepackage[hang,bf,nooneline]{caption2} \usepackage[flushleft]{caption2} \ifx\pdftexversion\undefined \else \usepackage[pdfpagemode=None,pdfauthor={Nick Urbanik}]{hyperref} \fi \newcommand*{\screenwidth}{0.4\textwidth} \newcommand*{\labTitle}{Administration, the \texttt{root} User and Configuring \texttt{sudo}} \renewcommand*{\subject}{Operating Systems and Systems Integration} \providecommand*{\DHCP}{\acro{DHCP}\xspace} \newlength{\chainsawwidth} \setlength{\chainsawwidth}{3cm} \begin{document} \section{Aim} \label{sec:aim} The aim of this activity is to understand the purpose of the \texttt{root} account, and the security risks of logging in as \texttt{root}, and how to avoid them. The student will appreciate that system administration with \texttt{sudo} is a useful help to security. \section{Background} \label{sec:background} You normally log into the computer system as your own user account. There are only two places where you can create or edit files on the computer system: \begin{itemize} \item in your \emph{home directory}; \item in the \texttt{/tmp} directory. \end{itemize} Everywhere else is read only, or offers you no access. \par %% \begin{floatingfigure}{\chainsawwidth} %% \includegraphics[width=\chainsawwidth]{chainsaw} %% \caption{Doing everything as \texttt{root} is like cutting bread %% with a chainsaw.} %% \end{floatingfigure} \begin{wrapfigure}{r}{\chainsawwidth} \includegraphics[width=\chainsawwidth]{chainsaw} \caption{Doing everything as \texttt{root} is like cutting bread with a chainsaw.} \end{wrapfigure} However, to perform system administration, you sometimes need to change files outside of your home directory, and outside of the \texttt{/tmp} directory. How can you perform system administration? You need to temporarily become the \texttt{root} user. The \texttt{root} user account is sometimes called the \emph{superuser}, since this account allows access to everything. This power is too great for most activities; with a simple typing mistake, you can delete the entire hard disk. Viruses and worms running under the \texttt{root} account can damage anywhere at all, and have access to everything on the computer. Buggy software running as the \texttt{root} user can do unlimited damage. Running all software as the \texttt{root} user is an accident waiting to happen. It is like using a chainsaw to cut a loaf of bread. %% There are various levels of privelege in a computer system. The user %% called \texttt{root}, with the numeric user \acro{ID} of 0, is able to %% perform any action on the computer, including create user accounts, %% install software, change network settings, and perform general system %% administration. There is great power in the \texttt{root} user's %% account, and this user is also sometimes called the \emph{superuser}. %% However, the \texttt{root} user can also delete all files on %% the computer with one command, and can unknowingly install a virus, or %% unknowingly install a trojan horse program that will allow an attacker %% to gain remote access to the computer. There are many system %% administrative tasks that must be done as the \texttt{root} user, but %% there are enormous dangers from logging into the X Window system as %% the \texttt{root} user and remaining logged in. This worksheet shows %% how to avoid some of these dangers, and still get your work done. There are two tools with which you should be familiar: the program \texttt{su}, and more importantly, \texttt{sudo}. Here we see how to use them. \section{Procedure} \label{sec:procedure} \subsection{Using the \texttt{su} Program to Become \texttt{root}} \label{sec:su} \begin{enumerate} \item Log into your Linux system with your own user account, \emph{\textbf{not}} as \texttt{root}. \item In a terminal window, type: \begin{alltt} $ \textbf{su -} \end{alltt}%$ \begin{explanation} Do not type the \texttt{\$}; that indicates the prompt, and that you are typing this as a normal user. When you log in as \texttt{root}, the prompt becomes a hash: \texttt{\#}. The minus sign `\texttt{-}' tells \texttt{su} to run the login scripts of the user you are changing to (here, it is the \texttt{root} user). \end{explanation} \item When prompted, type in your \texttt{root} password (note, this is different from \texttt{sudo}). \item Notice that your prompt has changed to a hash: \texttt{\#}. \item To run graphical programs (an example is \texttt{xclock}), you may need to type in another terminal window (or the same one before you type the \texttt{su} command) the following command: \begin{alltt} $ \textbf{xhost +localhost} \end{alltt}%$ \item To exit (log out) from the \texttt{root} account, type: \begin{alltt} # \textbf{exit} \end{alltt} \end{enumerate} \subsection{Advantages and Disadvantages of Using the \texttt{su} Program} \label{sec:su-adv-disadv} There is quite a lot of convenience in opening one window, \texttt{su}ing to \texttt{root}, and leaving that window open. However, when you go to get that cup of tea, someone else may come and take advantage of this. The person who uses \texttt{su} must also know the \texttt{root} password. The more people who know a secret, the less of a secret it is. It is more secure to use the program \texttt{sudo}, which we discuss now. \subsection{The \texttt{sudo} Program} \label{sec:sudo} The \texttt{sudo} program allows a senior system administrator to keep the \texttt{root} password to themselves, and to delegate responsibility for various tasks to other junior system administators. There are some advantages to doing things this way, including the fact that every command executed using \texttt{sudo} is recorded in the system logs. This can help administrators coordinate their efforts; they can see what the other has done. Also, a cracker who breaks into the system and who gets access to the \texttt{root} account will beunlikely to use \texttt{sudo}, and the break-in will be clearly visible in the system logs (unless the person is smart enough to cover their tracks). Probably the most important thing is that the administrator does not need to know or remember the \texttt{root} password, thus making it easier to keep secret, and allowing it to be changed more often. \subsection{Configuring \texttt{sudo}} \label{sec:sonfiguring-sudo} \begin{enumerate} \item Become \texttt{root} using the \texttt{su} program, as described above in section~\vref{sec:su}. \item Type: \begin{alltt} # \textbf{visudo} \end{alltt} \item Refer to the chapter about \texttt{vi} in the Linux Workshop notes for guidance on using the \texttt{vi} text editor. You will find the `\texttt{o}' and `\texttt{i}' commands useful. % : see section~\vref{sec:insert command}. \item Or, if you prefer \texttt{emacs} to \texttt{vi} like I do, then you could type: \begin{alltt} # \textbf{EDITOR=emacs visudo} \end{alltt} \item Edit the file so that it looks like this, taking care to type it accurately, but put your username instead of mine: \begin{alltt} # sudoers file. # # This file MUST be edited with the 'visudo' command as root. # # See the sudoers man page for the details on how to write a sudoers file. # \textbf{Defaults timestamp_timeout = 10} # Host alias specification # User alias specification # Cmnd alias specification # User privilege specification root ALL=(ALL) ALL \textbf{nicku ALL=(ALL) ALL} \end{alltt} Note that two lines were added, nothing else is changed. But please use \emph{your own} \LDAP user name here, not \texttt{nicku}! See \texttt{man sudoers} and search for \texttt{Defaults}, and also \texttt{timeout} for information about the first line. It changes the time that may elapse since you last used \texttt{sudo} before you need to enter your password again. The default is normally five minutes. \item Save it and exit by typing (in \texttt{vi}): \begin{alltt} \key{\textsf{Esc}} \textbf{:wq} \end{alltt} and \texttt{sudo} is now configured. Here we have assigned full priveleges to the user, but \texttt{sudo} can be set up to assign restricted administration rights to junior administrators. You can learn more by reading the \texttt{man} (manual) pages for \texttt{sudoers}, \texttt{sudo} and \texttt{visudo}. \item Log out from being \texttt{root} by typing: \begin{alltt} # \textbf{exit} \end{alltt} \begin{explanation} Your prompt should end with a dollar; if not, then you have run \texttt{su~-} more than once. Continue typing \texttt{exit} until your prompt ends with a dollar: \texttt{\$}. \end{explanation} \end{enumerate} \subsection{Using Sudo} \label{sec:using-sudo} \subsubsection{Some Background} To use \texttt{sudo}, \begin{enumerate} \item you type \texttt{sudo} in front of the command you want to execute as the \texttt{root} user. \item The first time you do this, you will see a warning like this: \begin{verbatim} We trust you have received the usual lecture from the local System Administrator. It usually boils down to these two things: #1) Respect the privacy of others. #2) Think before you type. Password: \end{verbatim} \item At that prompt, you will type \textbf{\emph{your own password}}, \emph{not} that of the \texttt{root} user. \item If you use \texttt{sudo} within the next ten minutes (normally five) within the same terminal window, you will not need to type your password. \item If you walk away from your computer at all, you can cause the ten minute period to expire immediately by typing: \begin{alltt} $ \textbf{sudo -k} \end{alltt}%$ If \texttt{sudo} is used immediately after this, a passsword will be required. \item Before running a graphical program with \texttt{sudo} for the first time in one login session, you need to type (as your own self): \begin{alltt} $ \textbf{xhost +localhost} \end{alltt}%$ to allow any user who is logged into your machine, to display graphics on the X server (the network graphics system on which you run your graphical user interface). This includes the user \texttt{root}, who is otherwise barred from display while you are running X from your account. %% \item I suggest that you install the \textsf{Acrobat Reader} onto your %% machine, following the work sheet I have written about that at %% \url{http://ictlab.tyict.vtc.edu.hk/ossi/lab/install-acrobat/install-acrobat.pdf}. \end{enumerate} \subsubsection{Exercise using \texttt{sudo}} \begin{enumerate} \item Try to display the special \emph{log} file \texttt{/var/log/secure}: \begin{alltt} $ \textbf{cat /var/log/secure} cat: /var/log/secure: Permission denied \end{alltt}%$ Hmm, it says permission is denied. Only system administrators can see this log file. Let's use \texttt{sudo}: \begin{alltt} $ \textbf{sudo cat /var/log/secure} \end{alltt}%$ Make sure you enter \emph{your own} password, and not that of \texttt{root}. \end{enumerate} \subsection{Why Use \texttt{sudo}?} \label{sec:why-use-sudo} There are four main reasons for using \texttt{sudo}: \begin{itemize} \item Only one person needs to know the root password. A secret shared between ten system administrators is no longer a secret. \item You only run as root the commands that you need to run as root. This increases security significantly. The less you do at the highest privelege level, the better. \item A senior system administrator may \emph{delegate} only some duties to others (i.e., backup, printing administration,\,\ldots), since \texttt{sudo} allows the senior administrator to allow priveleged access to only the required commands. \item Every command executed using \texttt{sudo} is recorded in a \emph{log file}. On Red Hat 9, this is \texttt{/var/log/security}. For each command executed using \texttt{sudo}, the following details are recorded: \begin{itemize} \item The time the command was executed \item The user who executed the command \item What user the command was effectively executed as (usually root, but you can change that with the \texttt{-u \meta{user}} option to \texttt{sudo} --- see \texttt{man sudo}). \item What the current directory was that the command was executed in \item What terminal was used (i.e., was the user logged in locally, or over the network?) \item The exact command, with its exact location in the file system. \end{itemize} This log allows the system administrator to go back and find out what was done when by who. If the system stops working properly, the logs can provide information about what was done at the time, and if a mistake was made, it can be identified and rectified. \end{itemize} \subsection{Warning!} \label{sec:warning} From now on, if I see anyone logged in as the \texttt{root} user into the X Window system, I will make a mental note of this person as being a poor student, and I will then take careful note of any other poor behaviour! Seriously, it is \emph{very} amateur behaviour to remain consistently logged into an X Window system as the \texttt{root} user. If I catch you doing this, expect a stern warning. Similarly, I do not want to see you using a window \texttt{su}ed to \texttt{root} for extended periods of time, and I will similarly criticise you for doing so. Such behaviour leaves the system open to security abuse by others. I want all of you to get into the habit of using \texttt{sudo} for system administration tasks. You will be a better system administrator for this, and your system will be less easy to crack. Note that at your workplace, you should ensure that the number of people who can use \texttt{sudo} on the system you are responsible for is limited as much as possible. \end{document}