disable sudo but allow it's alias to work
Snyder, Alexander J
alexander at snyderfamily.co
Tue Jul 9 11:32:26 MST 2024
Security through Obscurity isn't a good methodology to adopt.
It's kind of like my logic in the very early 00s, thinking that if my
primary Windows partition were "D:/" instead of "C:/", I'd be safer.
If you're concerned about a malicious script, then just don't ever run
things without first reading them ... Which is why things like "PiHole"
offer you the ability to pipe their setup script directly to BASH, but also
warm about how dangerous that is.
If anyone were to REALLY compromise your system, they are doing so with
exploits that do not rely on the naked use of "sudo" ... Those folks are
going to get you through buffer overflow attacks and other wildly ingenious
ways I can't even begin to fathom.
Disabling sudo and enabling an alias of the same function, will protect you
from 14 year old kids on 4Chan, but not anyone who truly wants to do you
harm.
--
Thanks,
Alexander
Sent from my Google Pixel 7 Pro
On Tue, Jul 9, 2024, 10:36 Michael <bmike1 at gmail.com> wrote:
> security so I don't get I script that say sudo -rf or..... I guess I don't
> really need to worry about that, huh?
>
> On Tue, Jul 9, 2024 at 1:33 PM Snyder, Alexander J <
> alexander at snyderfamily.co> wrote:
>
>> Why?
>>
>> What's the end goal? What are you trying to achieve?
>>
>> --
>> Thanks,
>> Alexander
>>
>> Sent from my Google Pixel 7 Pro
>>
>> On Tue, Jul 9, 2024, 10:17 Michael <bmike1 at gmail.com> wrote:
>>
>>> Good question! I want to disable sudo while allowing its alias to work
>>>
>>> On Tue, Jul 9, 2024 at 12:29 PM Snyder, Alexander J <
>>> alexander at snyderfamily.co> wrote:
>>>
>>>> I think I lost the thread of this discussion somewhere along the way.
>>>> What is your desired outcome with this, Michael?
>>>>
>>>> Regardless of the journey, what are you hoping to achieve in the end?
>>>>
>>>> --
>>>> Thanks,
>>>> Alexander
>>>>
>>>> Sent from my Google Pixel 7 Pro
>>>>
>>>> On Tue, Jul 9, 2024, 09:09 Michael via PLUG-discuss <
>>>> plug-discuss at lists.phxlinux.org> wrote:
>>>>
>>>>> and I reinstalled my system and got sudo and my alias to work. ai told
>>>>> me to change the permissions of sudo but..... wait I could create an
>>>>> instance of sudo closer up the path and change it's permissions. that
>>>>> should work.
>>>>>
>>>>> On Tue, Jul 9, 2024 at 12:05 PM Michael <bmike1 at gmail.com> wrote:
>>>>>
>>>>>> I'm not antisystemd but that is how ai told me to do it
>>>>>>
>>>>>>
>>>>>> On Tue, Jul 9, 2024 at 10:28 AM Ryan Petris <ryan at petris.net> wrote:
>>>>>>
>>>>>>> I don't have an answer for you on the sudo bit, but I saw this in
>>>>>>> your history:
>>>>>>>
>>>>>>> 5 nano ~/set_time_after_internet.sh
>>>>>>> 6 chmod +x ~/set_time_after_internet.sh
>>>>>>>
>>>>>>>
>>>>>>> Not sure if you're anti-systemd or not, but if you use
>>>>>>> systemd-networkd (or even NetworkManager) along with systemd-timesyncd,
>>>>>>> this is exactly what happens, the time is set after you get an internet
>>>>>>> connection.
>>>>>>>
>>>>>>> At least on Arch, enabling systemd-networkd or NetworkManager will
>>>>>>> result in the services systemd-networkd-wait-online or
>>>>>>> NetworkManager-wait-online being enabled, which will complete once you have
>>>>>>> an internet connection; systemd-timesyncd will run after these services and
>>>>>>> thus the time will be set.
>>>>>>>
>>>>>>> Yet another thing you don't have to worry about if you just embrace
>>>>>>> systemd...
>>>>>>>
>>>>>>> On Tue, Jul 9, 2024, at 6:23 AM, Michael via PLUG-discuss wrote:
>>>>>>>
>>>>>>> here is my history so you can see what chatgpt directed me to do:
>>>>>>> bmike1 at bmike1-desktop:~$ history
>>>>>>> 1 xkill
>>>>>>> 2 ls /home
>>>>>>> 3 ls /home/bmike1/b
>>>>>>> 4 ls /home/bmike1/
>>>>>>> 5 nano ~/set_time_after_internet.sh
>>>>>>> 6 chmod +x ~/set_time_after_internet.sh
>>>>>>> 7 crontab -e
>>>>>>> 8 alias aliasforsudo to sudo
>>>>>>> 9 nano ~/.bashrc
>>>>>>> 10 source ~/.bashrc
>>>>>>> 11 aliasforsudo ls /root
>>>>>>> 12 nano ~/.bashrc
>>>>>>> 13 source ~/.bashrc
>>>>>>> 14 aliasforsudo ls /root
>>>>>>> 15 source ~/.bashrc
>>>>>>> 16 aliasforsudo ls /root
>>>>>>> 17 sudo visudo
>>>>>>> 18 nano ~/set_time_after_internet.sh
>>>>>>> 19 chmod +x ~/set_time_after_internet.sh
>>>>>>> 20 crontab -e
>>>>>>> 21 aliasforsudo ls /root
>>>>>>> 22 SUDO
>>>>>>> 23 sudo
>>>>>>> 24 sudo cp /usr/bin/sudo /usr/bin/sudo.bak
>>>>>>> 25 sudo tee /usr/bin/sudo <<EOF
>>>>>>> 26 #!/bin/bash
>>>>>>> 27 echo "The sudo command has been disabled."
>>>>>>> 28 EOF
>>>>>>> 29 sudo mv /usr/bin/sudo /usr/bin/sudo.bak
>>>>>>> 30 echo -e '#!/bin/bash\necho "The sudo command has been
>>>>>>> disabled."' | sudo tee /usr/bin/sudo
>>>>>>> 31 aliasforsudo ls
>>>>>>> 32 sudo ls
>>>>>>> 33 # Create the dummy sudo script
>>>>>>> 34 echo -e '#!/bin/bash\necho "The sudo command has been
>>>>>>> disabled."' | sudo tee /usr/bin/sudo
>>>>>>> 35 which sudo
>>>>>>> 36 sudo
>>>>>>> 37 su
>>>>>>> 38 aliasforsudo
>>>>>>> 39 aliasforsudo
>>>>>>> 40 aliasforsudo
>>>>>>> 41 sudo
>>>>>>> 42 isud
>>>>>>> 43 visudo
>>>>>>> 44 aliasforsudo visudo
>>>>>>> 45 aliasforsudo
>>>>>>> 46 aliasforsudo ls
>>>>>>> 47 sudo ls
>>>>>>> 48 aliasforsudo ls
>>>>>>> 49 sudo ls
>>>>>>> 50 echo -e '#!/bin/bash\necho "The sudo command has been
>>>>>>> disabled."' | sudo tee /usr/bin/sudo
>>>>>>> 51 aliasforsudo mv /usr/bin/sudo /usr/bin/sudo.old
>>>>>>> 52 echo -e '#!/bin/bash\necho "The sudo command has been
>>>>>>> disabled."' | aliasforsudo tee /usr/bin/sudo
>>>>>>> 53 aliasforsudo bash -c 'cat > /usr/bin/sudo <<EOF
>>>>>>> 54 #!/bin/bash
>>>>>>> 55 echo "The sudo command has been disabled."
>>>>>>> 56 EOF'
>>>>>>> 57 echo -e '#!/bin/bash\necho "The sudo command has been
>>>>>>> disabled."' > sudo
>>>>>>> 58 aliasforsudo mv sudo /usr/bin/sudo
>>>>>>> 59 aliasforsudo ls
>>>>>>> 60 su
>>>>>>> 61 aliasforsudo ls
>>>>>>> 62 sudo ls
>>>>>>> 63 aliasforsudo passwd root
>>>>>>> 64 su
>>>>>>> 65 aliasforsudo sudo
>>>>>>> 66 aliasforsudo ls
>>>>>>> 67 sudo ls
>>>>>>> 68 aliasforsudo visudo
>>>>>>> 69 history
>>>>>>> bmike1 at bmike1-desktop:~$
>>>>>>> switced user because sudo disabled
>>>>>>> root at bmike1-desktop:/home/bmike1# history
>>>>>>> 1 mount -oremount,rw /
>>>>>>> 2 cp /usr/bin/sudo.bak /usr/bin/sudo
>>>>>>> 3 chmod 4755 /usr/bin/sudo
>>>>>>> 4 visudo
>>>>>>> 5 mount -o remount,rw /
>>>>>>> 6 cp /usr/bin/sudo.bak /usr/bin/sudo
>>>>>>> 7 chmod 4755 /usr/bin/sudo
>>>>>>> 8 su cmike1
>>>>>>> 9 su bmike1
>>>>>>> 10 sudo rm /usr/local/bin/sudo
>>>>>>> 11 sudo rm /usr/local/bin/sudo_custom
>>>>>>> 12 rm /usr/local/bin/sudo_custom
>>>>>>> 13 nano ~/.bashrc
>>>>>>> 14 which sudo
>>>>>>> 15 rm /usr/local/bin/sudo
>>>>>>> 16 which sudo
>>>>>>> 17 sudo ls
>>>>>>> 18 rm /usr/local/bin/sudo
>>>>>>> 19 which sudo
>>>>>>> 20 ls -l /usr/bin/sudo
>>>>>>> 21 nano ~/.bashrc
>>>>>>> 22 rm /usr/local/bin/sudo
>>>>>>> 23 which sudo
>>>>>>> 24 apt update
>>>>>>> 25 apt install --reinstall sudo
>>>>>>> 26 sudo ls
>>>>>>> 27 apt update
>>>>>>> 28 apt install --reinstall sudo
>>>>>>> 29 which sudo
>>>>>>> 30 sudo ls
>>>>>>> 31 rm /usr/local/bin/sudo 2>/dev/null
>>>>>>> 32 ls -l /usr/bin/sudo
>>>>>>> 33 sudo ls
>>>>>>> 34 visudo
>>>>>>> 35 echo $PATH
>>>>>>> 36 unalias sudo 2>/dev/null
>>>>>>> 37 sudo
>>>>>>> 38 chmod 4755 /usr/bin/sudo
>>>>>>> 39 sudo
>>>>>>> 40 echo "alias god='sudo'" >> ~/.bashrc
>>>>>>> 41 source ~/.bashrc
>>>>>>> 42 aliasforsudo ls
>>>>>>> 43 tail -f /var/log/syslog
>>>>>>> 44 apt --fix-broken install
>>>>>>> 45 fg
>>>>>>> 46 history
>>>>>>> root at bmike1-desktop:/home/bmike1# su bmike1
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Jul 9, 2024 at 7:46 AM Michael <bmike1 at gmail.com> wrote:
>>>>>>>
>>>>>>> chatgpt is being stupid. A couple of days ago it showed me how to
>>>>>>> create an alias for sudo and then disable sudo while letting the alias
>>>>>>> work. Well, I had a power fluctuation and that caused my box to to start
>>>>>>> booting into busybox. So I reinstalled my system and now chatgpt doesn't
>>>>>>> know how to disable sudo while allowing it's alias to work. So I turn to
>>>>>>> you.
>>>>>>>
>>>>>>> --
>>>>>>> :-)~MIKE~(-:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> :-)~MIKE~(-:
>>>>>>> ---------------------------------------------------
>>>>>>> PLUG-discuss mailing list: PLUG-discuss at lists.phxlinux.org
>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> :-)~MIKE~(-:
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> :-)~MIKE~(-:
>>>>> ---------------------------------------------------
>>>>> PLUG-discuss mailing list: PLUG-discuss at lists.phxlinux.org
>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>
>>>>
>>>
>>> --
>>> :-)~MIKE~(-:
>>>
>>
>
> --
> :-)~MIKE~(-:
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20240709/4eb6b75a/attachment.htm>
More information about the PLUG-discuss
mailing list