Re: disable sudo but allow it's alias to work

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Rusty via PLUG-discuss
Date:  
To: Main PLUG discussion list
CC: Rusty
Subject: Re: disable sudo but allow it's alias to work
Exactly correct. Security through obscurity barely works (and generally only against people who aren't really good at hacking), and doesn't work at all when your obscure method has been published on the Internet... Like below :-)

On July 9, 2024 11:32:26 AM MST, "Snyder, Alexander J via PLUG-discuss" <> wrote:
>Security through Obscurity isn't a good methodology to adopt.
>
>It's kind of like my logic in the very early 00s, thinking that if my
>primary Windows partition were "D:/" instead of "C:/", I'd be safer.
>
>If you're concerned about a malicious script, then just don't ever run
>things without first reading them ... Which is why things like "PiHole"
>offer you the ability to pipe their setup script directly to BASH, but also
>warm about how dangerous that is.
>
>If anyone were to REALLY compromise your system, they are doing so with
>exploits that do not rely on the naked use of "sudo" ... Those folks are
>going to get you through buffer overflow attacks and other wildly ingenious
>ways I can't even begin to fathom.
>
>Disabling sudo and enabling an alias of the same function, will protect you
>from 14 year old kids on 4Chan, but not anyone who truly wants to do you
>harm.
>
>--
>Thanks,
>Alexander
>
>Sent from my Google Pixel 7 Pro
>
>On Tue, Jul 9, 2024, 10:36 Michael <> wrote:
>
>> security so I don't get I script that say sudo -rf or..... I guess I don't
>> really need to worry about that, huh?
>>
>> On Tue, Jul 9, 2024 at 1:33 PM Snyder, Alexander J <
>> > wrote:
>>
>>> Why?
>>>
>>> What's the end goal? What are you trying to achieve?
>>>
>>> --
>>> Thanks,
>>> Alexander
>>>
>>> Sent from my Google Pixel 7 Pro
>>>
>>> On Tue, Jul 9, 2024, 10:17 Michael <> wrote:
>>>
>>>> Good question! I want to disable sudo while allowing its alias to work
>>>>
>>>> On Tue, Jul 9, 2024 at 12:29 PM Snyder, Alexander J <
>>>> > wrote:
>>>>
>>>>> I think I lost the thread of this discussion somewhere along the way.
>>>>> What is your desired outcome with this, Michael?
>>>>>
>>>>> Regardless of the journey, what are you hoping to achieve in the end?
>>>>>
>>>>> --
>>>>> Thanks,
>>>>> Alexander
>>>>>
>>>>> Sent from my Google Pixel 7 Pro
>>>>>
>>>>> On Tue, Jul 9, 2024, 09:09 Michael via PLUG-discuss <
>>>>> > wrote:
>>>>>
>>>>>> and I reinstalled my system and got sudo and my alias to work. ai told
>>>>>> me to change the permissions of sudo but..... wait I could create an
>>>>>> instance of sudo closer up the path and change it's permissions. that
>>>>>> should work.
>>>>>>
>>>>>> On Tue, Jul 9, 2024 at 12:05 PM Michael <> wrote:
>>>>>>
>>>>>>> I'm not antisystemd but that is how ai told me to do it
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Jul 9, 2024 at 10:28 AM Ryan Petris <> wrote:
>>>>>>>
>>>>>>>> I don't have an answer for you on the sudo bit, but I saw this in
>>>>>>>> your history:
>>>>>>>>
>>>>>>>>     5  nano ~/set_time_after_internet.sh
>>>>>>>>     6  chmod +x ~/set_time_after_internet.sh

>>>>>>>>
>>>>>>>>
>>>>>>>> Not sure if you're anti-systemd or not, but if you use
>>>>>>>> systemd-networkd (or even NetworkManager) along with systemd-timesyncd,
>>>>>>>> this is exactly what happens, the time is set after you get an internet
>>>>>>>> connection.
>>>>>>>>
>>>>>>>> At least on Arch, enabling systemd-networkd or NetworkManager will
>>>>>>>> result in the services systemd-networkd-wait-online or
>>>>>>>> NetworkManager-wait-online being enabled, which will complete once you have
>>>>>>>> an internet connection; systemd-timesyncd will run after these services and
>>>>>>>> thus the time will be set.
>>>>>>>>
>>>>>>>> Yet another thing you don't have to worry about if you just embrace
>>>>>>>> systemd...
>>>>>>>>
>>>>>>>> On Tue, Jul 9, 2024, at 6:23 AM, Michael via PLUG-discuss wrote:
>>>>>>>>
>>>>>>>> here is my history so you can see what chatgpt directed me to do:
>>>>>>>> bmike1@bmike1-desktop:~$ history
>>>>>>>>     1  xkill
>>>>>>>>     2  ls /home
>>>>>>>>     3  ls /home/bmike1/b
>>>>>>>>     4  ls /home/bmike1/
>>>>>>>>     5  nano ~/set_time_after_internet.sh
>>>>>>>>     6  chmod +x ~/set_time_after_internet.sh
>>>>>>>>     7  crontab -e
>>>>>>>>     8  alias aliasforsudo to sudo
>>>>>>>>     9  nano ~/.bashrc
>>>>>>>>    10  source ~/.bashrc
>>>>>>>>    11  aliasforsudo ls /root
>>>>>>>>    12  nano ~/.bashrc
>>>>>>>>    13  source ~/.bashrc
>>>>>>>>    14  aliasforsudo ls /root
>>>>>>>>    15  source ~/.bashrc
>>>>>>>>    16  aliasforsudo ls /root
>>>>>>>>    17  sudo visudo
>>>>>>>>    18  nano ~/set_time_after_internet.sh
>>>>>>>>    19  chmod +x ~/set_time_after_internet.sh
>>>>>>>>    20  crontab -e
>>>>>>>>    21  aliasforsudo ls /root
>>>>>>>>    22  SUDO
>>>>>>>>    23  sudo
>>>>>>>>    24  sudo cp /usr/bin/sudo /usr/bin/sudo.bak
>>>>>>>>    25  sudo tee /usr/bin/sudo <<EOF
>>>>>>>>    26  #!/bin/bash
>>>>>>>>    27  echo "The sudo command has been disabled."
>>>>>>>>    28  EOF
>>>>>>>>    29  sudo mv /usr/bin/sudo /usr/bin/sudo.bak
>>>>>>>>    30  echo -e '#!/bin/bash\necho "The sudo command has been
>>>>>>>> disabled."' | sudo tee /usr/bin/sudo
>>>>>>>>    31  aliasforsudo ls
>>>>>>>>    32  sudo ls
>>>>>>>>    33  # Create the dummy sudo script
>>>>>>>>    34  echo -e '#!/bin/bash\necho "The sudo command has been
>>>>>>>> disabled."' | sudo tee /usr/bin/sudo
>>>>>>>>    35  which sudo
>>>>>>>>    36  sudo
>>>>>>>>    37  su
>>>>>>>>    38  aliasforsudo
>>>>>>>>    39  aliasforsudo
>>>>>>>>    40  aliasforsudo
>>>>>>>>    41  sudo
>>>>>>>>    42  isud
>>>>>>>>    43  visudo
>>>>>>>>    44  aliasforsudo visudo
>>>>>>>>    45  aliasforsudo
>>>>>>>>    46  aliasforsudo ls
>>>>>>>>    47  sudo ls
>>>>>>>>    48  aliasforsudo ls
>>>>>>>>    49  sudo ls
>>>>>>>>    50  echo -e '#!/bin/bash\necho "The sudo command has been
>>>>>>>> disabled."' | sudo tee /usr/bin/sudo
>>>>>>>>    51  aliasforsudo mv /usr/bin/sudo /usr/bin/sudo.old
>>>>>>>>    52  echo -e '#!/bin/bash\necho "The sudo command has been
>>>>>>>> disabled."' | aliasforsudo tee /usr/bin/sudo
>>>>>>>>    53  aliasforsudo bash -c 'cat > /usr/bin/sudo <<EOF
>>>>>>>>    54  #!/bin/bash
>>>>>>>>    55  echo "The sudo command has been disabled."
>>>>>>>>    56  EOF'
>>>>>>>>    57  echo -e '#!/bin/bash\necho "The sudo command has been
>>>>>>>> disabled."' > sudo
>>>>>>>>    58  aliasforsudo mv sudo /usr/bin/sudo
>>>>>>>>    59  aliasforsudo ls
>>>>>>>>    60  su
>>>>>>>>    61  aliasforsudo ls
>>>>>>>>    62  sudo ls
>>>>>>>>    63  aliasforsudo passwd root
>>>>>>>>    64  su
>>>>>>>>    65  aliasforsudo sudo
>>>>>>>>    66  aliasforsudo ls
>>>>>>>>    67  sudo ls
>>>>>>>>    68  aliasforsudo visudo
>>>>>>>>    69  history
>>>>>>>> bmike1@bmike1-desktop:~$
>>>>>>>> switced user because sudo disabled
>>>>>>>> root@bmike1-desktop:/home/bmike1# history
>>>>>>>>     1  mount -oremount,rw /
>>>>>>>>     2  cp /usr/bin/sudo.bak /usr/bin/sudo
>>>>>>>>     3  chmod 4755 /usr/bin/sudo
>>>>>>>>     4  visudo
>>>>>>>>     5  mount -o remount,rw /
>>>>>>>>     6  cp /usr/bin/sudo.bak /usr/bin/sudo
>>>>>>>>     7  chmod 4755 /usr/bin/sudo
>>>>>>>>     8  su cmike1
>>>>>>>>     9  su bmike1
>>>>>>>>    10  sudo rm /usr/local/bin/sudo
>>>>>>>>    11  sudo rm /usr/local/bin/sudo_custom
>>>>>>>>    12  rm /usr/local/bin/sudo_custom
>>>>>>>>    13  nano ~/.bashrc
>>>>>>>>    14  which sudo
>>>>>>>>    15  rm /usr/local/bin/sudo
>>>>>>>>    16  which sudo
>>>>>>>>    17  sudo ls
>>>>>>>>    18  rm /usr/local/bin/sudo
>>>>>>>>    19  which sudo
>>>>>>>>    20  ls -l /usr/bin/sudo
>>>>>>>>    21  nano ~/.bashrc
>>>>>>>>    22  rm /usr/local/bin/sudo
>>>>>>>>    23  which sudo
>>>>>>>>    24  apt update
>>>>>>>>    25  apt install --reinstall sudo
>>>>>>>>    26  sudo ls
>>>>>>>>    27  apt update
>>>>>>>>    28  apt install --reinstall sudo
>>>>>>>>    29  which sudo
>>>>>>>>    30  sudo ls
>>>>>>>>    31  rm /usr/local/bin/sudo 2>/dev/null
>>>>>>>>    32  ls -l /usr/bin/sudo
>>>>>>>>    33  sudo ls
>>>>>>>>    34  visudo
>>>>>>>>    35  echo $PATH
>>>>>>>>    36  unalias sudo 2>/dev/null
>>>>>>>>    37  sudo
>>>>>>>>    38  chmod 4755 /usr/bin/sudo
>>>>>>>>    39  sudo
>>>>>>>>    40  echo "alias god='sudo'" >> ~/.bashrc
>>>>>>>>    41  source ~/.bashrc
>>>>>>>>    42  aliasforsudo ls
>>>>>>>>    43  tail -f /var/log/syslog
>>>>>>>>    44  apt --fix-broken install
>>>>>>>>    45  fg
>>>>>>>>    46  history
>>>>>>>> root@bmike1-desktop:/home/bmike1# su bmike1

>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, Jul 9, 2024 at 7:46 AM Michael <> wrote:
>>>>>>>>
>>>>>>>> chatgpt is being stupid. A couple of days ago it showed me how to
>>>>>>>> create an alias for sudo and then disable sudo while letting the alias
>>>>>>>> work. Well, I had a power fluctuation and that caused my box to to start
>>>>>>>> booting into busybox. So I reinstalled my system and now chatgpt doesn't
>>>>>>>> know how to disable sudo while allowing it's alias to work. So I turn to
>>>>>>>> you.
>>>>>>>>
>>>>>>>> --
>>>>>>>> :-)~MIKE~(-:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> :-)~MIKE~(-:
>>>>>>>> ---------------------------------------------------
>>>>>>>> PLUG-discuss mailing list:
>>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> :-)~MIKE~(-:
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> :-)~MIKE~(-:
>>>>>> ---------------------------------------------------
>>>>>> PLUG-discuss mailing list:
>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>
>>>>>
>>>>
>>>> --
>>>> :-)~MIKE~(-:
>>>>
>>>
>>
>> --
>> :-)~MIKE~(-:
>>


--
Sent from my Android device with K-9 Mail. Please excuse my brevity.---------------------------------------------------
PLUG-discuss mailing list:
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss