Exactly correct. Security through obscurity barely works (and generally only against people who aren't really good at hacking), and doesn't work at all when your obscure method has been published on the Internet... Like below :-)


On July 9, 2024 11:32:26 AM MST, "Snyder, Alexander J via PLUG-discuss" <plug-discuss@lists.phxlinux.org> wrote:
Security through Obscurity isn't a good methodology to adopt.

It's kind of like my logic in the very early 00s, thinking that if my primary Windows partition were "D:/" instead of "C:/", I'd be safer. 

If you're concerned about a malicious script, then just don't ever run things without first reading them ... Which is why things like "PiHole" offer you the ability to pipe their setup script directly to BASH, but also warm about how dangerous that is.

If anyone were to REALLY compromise your system, they are doing so with exploits that do not rely on the naked use of "sudo" ... Those folks are going to get you through buffer overflow attacks and other wildly ingenious ways I can't even begin to fathom. 

Disabling sudo and enabling an alias of the same function, will protect you from 14 year old kids on 4Chan, but not anyone who truly wants to do you harm.

--
Thanks,
Alexander

Sent from my Google Pixel 7 Pro

On Tue, Jul 9, 2024, 10:36 Michael <bmike1@gmail.com> wrote:
security so I don't get I script that say sudo -rf or..... I guess I don't really need to worry about that, huh?

On Tue, Jul 9, 2024 at 1:33 PM Snyder, Alexander J <alexander@snyderfamily.co> wrote:
Why? 

What's the end goal? What are you trying to achieve?

--
Thanks,
Alexander

Sent from my Google Pixel 7 Pro

On Tue, Jul 9, 2024, 10:17 Michael <bmike1@gmail.com> wrote:
Good question! I want to disable sudo while allowing its alias to work

On Tue, Jul 9, 2024 at 12:29 PM Snyder, Alexander J <alexander@snyderfamily.co> wrote:
I think I lost the thread of this discussion somewhere along the way. What is your desired outcome with this, Michael?

Regardless of the journey, what are you hoping to achieve in the end?

--
Thanks,
Alexander

Sent from my Google Pixel 7 Pro

On Tue, Jul 9, 2024, 09:09 Michael via PLUG-discuss <plug-discuss@lists.phxlinux.org> wrote:
and I reinstalled my system and got sudo and my alias to work. ai told me to change the permissions of sudo but..... wait I could create an instance of sudo closer up the path and change it's permissions. that should work.

On Tue, Jul 9, 2024 at 12:05 PM Michael <bmike1@gmail.com> wrote:
I'm not antisystemd but that is how ai told me to do it


On Tue, Jul 9, 2024 at 10:28 AM Ryan Petris <ryan@petris.net> wrote:
I don't have an answer for you on the sudo bit, but I saw this in your history:

    5  nano ~/set_time_after_internet.sh
    6  chmod +x ~/set_time_after_internet.sh

Not sure if you're anti-systemd or not, but if you use systemd-networkd (or even NetworkManager) along with systemd-timesyncd, this is exactly what happens, the time is set after you get an internet connection.

At least on Arch, enabling systemd-networkd or NetworkManager will result in the services systemd-networkd-wait-online or NetworkManager-wait-online being enabled, which will complete once you have an internet connection; systemd-timesyncd will run after these services and thus the time will be set.

Yet another thing you don't have to worry about if you just embrace systemd...

On Tue, Jul 9, 2024, at 6:23 AM, Michael via PLUG-discuss wrote:
here is my history so you can see what chatgpt directed me to do:
bmike1@bmike1-desktop:~$ history
    1  xkill
    2  ls /home
    3  ls /home/bmike1/b
    4  ls /home/bmike1/
    5  nano ~/set_time_after_internet.sh
    6  chmod +x ~/set_time_after_internet.sh
    7  crontab -e
    8  alias aliasforsudo to sudo
    9  nano ~/.bashrc
   10  source ~/.bashrc
   11  aliasforsudo ls /root
   12  nano ~/.bashrc
   13  source ~/.bashrc
   14  aliasforsudo ls /root
   15  source ~/.bashrc
   16  aliasforsudo ls /root
   17  sudo visudo
   18  nano ~/set_time_after_internet.sh
   19  chmod +x ~/set_time_after_internet.sh
   20  crontab -e
   21  aliasforsudo ls /root
   22  SUDO
   23  sudo
   24  sudo cp /usr/bin/sudo /usr/bin/sudo.bak
   25  sudo tee /usr/bin/sudo <<EOF
   26  #!/bin/bash
   27  echo "The sudo command has been disabled."
   28  EOF
   29  sudo mv /usr/bin/sudo /usr/bin/sudo.bak
   30  echo -e '#!/bin/bash\necho "The sudo command has been disabled."' | sudo tee /usr/bin/sudo
   31  aliasforsudo ls
   32  sudo ls
   33  # Create the dummy sudo script
   34  echo -e '#!/bin/bash\necho "The sudo command has been disabled."' | sudo tee /usr/bin/sudo
   35  which sudo
   36  sudo
   37  su
   38  aliasforsudo
   39  aliasforsudo
   40  aliasforsudo
   41  sudo
   42  isud
   43  visudo
   44  aliasforsudo visudo
   45  aliasforsudo
   46  aliasforsudo ls
   47  sudo ls
   48  aliasforsudo ls
   49  sudo ls
   50  echo -e '#!/bin/bash\necho "The sudo command has been disabled."' | sudo tee /usr/bin/sudo
   51  aliasforsudo mv /usr/bin/sudo /usr/bin/sudo.old
   52  echo -e '#!/bin/bash\necho "The sudo command has been disabled."' | aliasforsudo tee /usr/bin/sudo
   53  aliasforsudo bash -c 'cat > /usr/bin/sudo <<EOF
   54  #!/bin/bash
   55  echo "The sudo command has been disabled."
   56  EOF'
   57  echo -e '#!/bin/bash\necho "The sudo command has been disabled."' > sudo
   58  aliasforsudo mv sudo /usr/bin/sudo
   59  aliasforsudo ls
   60  su
   61  aliasforsudo ls
   62  sudo ls
   63  aliasforsudo passwd root
   64  su
   65  aliasforsudo sudo
   66  aliasforsudo ls
   67  sudo ls
   68  aliasforsudo visudo
   69  history
bmike1@bmike1-desktop:~$
switced user because sudo disabled
root@bmike1-desktop:/home/bmike1# history
    1  mount -oremount,rw /
    2  cp /usr/bin/sudo.bak /usr/bin/sudo
    3  chmod 4755 /usr/bin/sudo
    4  visudo
    5  mount -o remount,rw /
    6  cp /usr/bin/sudo.bak /usr/bin/sudo
    7  chmod 4755 /usr/bin/sudo
    8  su cmike1
    9  su bmike1
   10  sudo rm /usr/local/bin/sudo
   11  sudo rm /usr/local/bin/sudo_custom
   12  rm /usr/local/bin/sudo_custom
   13  nano ~/.bashrc
   14  which sudo
   15  rm /usr/local/bin/sudo
   16  which sudo
   17  sudo ls
   18  rm /usr/local/bin/sudo
   19  which sudo
   20  ls -l /usr/bin/sudo
   21  nano ~/.bashrc
   22  rm /usr/local/bin/sudo
   23  which sudo
   24  apt update
   25  apt install --reinstall sudo
   26  sudo ls
   27  apt update
   28  apt install --reinstall sudo
   29  which sudo
   30  sudo ls
   31  rm /usr/local/bin/sudo 2>/dev/null
   32  ls -l /usr/bin/sudo
   33  sudo ls
   34  visudo
   35  echo $PATH
   36  unalias sudo 2>/dev/null
   37  sudo
   38  chmod 4755 /usr/bin/sudo
   39  sudo
   40  echo "alias god='sudo'" >> ~/.bashrc
   41  source ~/.bashrc
   42  aliasforsudo ls
   43  tail -f /var/log/syslog
   44  apt --fix-broken install
   45  fg
   46  history
root@bmike1-desktop:/home/bmike1# su bmike1


On Tue, Jul 9, 2024 at 7:46 AM Michael <bmike1@gmail.com> wrote:
chatgpt is being stupid. A couple of days ago it showed me how to create an alias for sudo and then disable sudo while letting the alias work. Well, I had a power fluctuation and that caused my box to to start booting into busybox. So I reinstalled my system and now chatgpt doesn't know how to disable sudo while allowing it's alias to work. So I turn to you.

--
:-)~MIKE~(-:


--
:-)~MIKE~(-:
---------------------------------------------------
PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:




--
:-)~MIKE~(-:


--
:-)~MIKE~(-:
---------------------------------------------------
PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss


--
:-)~MIKE~(-:


--
:-)~MIKE~(-:
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.