this post was submitted on 03 Jan 2024
81 points (85.2% liked)

Linux

48002 readers
944 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I've just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.

I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.

I never went on any particularly shady websites, but I also don't remember exactly which websites I've been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn't go very smoothly and I was searching up error messages trying to get it to work.

This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I'm now realizing I shouldn't have) but no one seems to be discussing how risky it actually is. Shouldn't Firefox be sandboxing every website and not allowing anything to access the base system? Between "just stop doing it" and "you have to reinstall the OS right now there's probably already a virus on there," how much danger do you suppose I'm in? I'm mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?

you are viewing a single comment's thread
view the rest of the comments
[–] exu@feditown.com 4 points 10 months ago (1 children)

You could implement NOPASS for the specific commands you need for a service user. Still better than just using root.

[–] taladar@sh.itjust.works -1 points 10 months ago (4 children)

In what way would that be more secure? That would just allow anyone with access to the regular account to run those commands at any time.

[–] bluespin@lemmy.world 4 points 10 months ago (1 children)

Are you asking why it's more secure to surface a few commands without password rather than all of them..?

[–] taladar@sh.itjust.works -2 points 10 months ago

I am asking why it is considered to be more secure for the use case where you aren't limiting access to a few commands because it is access meant for all kinds of admin tasks, not just one specific one (as in access for the people who need to fix unexpected problems among other things).

[–] exu@feditown.com 4 points 10 months ago (1 children)

You can allow only specific commands and options. See my config for example.

https://gitea.exu.li/exu/configs/src/commit/f1b6d459b974d6c2f831d724df59881d5f848854/arch-config/etc/sudoers.d/wheel

You can limit this to a specific user as well.

Anyone who hacks into the account can now only run those tightly defined commands and no others. Compared to root, who can run anything.

[–] taladar@sh.itjust.works -3 points 10 months ago

I am well aware that sudo can limit which commands you run but so can force_command in authorized_keys if you really need that functionality.

[–] chameleon@kbin.social 3 points 10 months ago (1 children)

Realistically, there is only a trivial pure security difference between logging in directly to root vs sudo set up to allow unrestricted NOPASS access to specific users: the attacker might not know the correct username when trying to brute force. That doesn't matter in the slightest unless you have password auth enabled with trivial passwords.

But there is a difference in the ability to audit what happened after the fact if you have any kind of service storing system logs remotely or in a tamper-proof way. If there's more than one admin user on a service, that is very very important. Knowing where the compromise happened is absolutely essential to make things safe.

If there's only ever going to be one administrative user (personal machine), logging in directly as root for manual administrative tasks is fine: you already know who the user is. If there's any chance there might be more administrative users later (small but growing business), you should consider doing it right from the start.

[–] taladar@sh.itjust.works 1 points 10 months ago (1 children)

I was aware of the login UID for auditd logging as a difference but as you say, that is only really helpful if the logs are shipped somewhere else or tampering with them is otherwise prevented for admin users. It is not quite the same but the auth.log entries sshd produces on login also contain the key fingerprint used to login these days so on a more limited scale you can at least tell who logged in when from those (or whose key but that is no different than whose account for the sudo approach).

you should consider doing it right from the start.

Do you have any advice on how to use the sudo approach without having a huge slow down in every automated process that requires ssh user@host calls for manual password entry? I am aware of Ansible but I am honestly very sceptical of Python tools since they tend to break easily and often from my past experiences and I would like to avoid using additional ones for critical tasks. Plus Ansible in particular seemed to be very late with their Python 3 transition, as I recall I uninstalled it when it was one of the last tools left that did not work with Python 3.

[–] chameleon@kbin.social 2 points 10 months ago* (last edited 10 months ago)

Well, my recommendations for anything semi-automated would be Ansible and Fabric/Invoke. Fabric is also a Python tool (though it's only used on the controlling side, unlike Ansible), so if that's a no-go, I'm afraid I don't have much to offer.

[–] 4am@lemm.ee 1 points 10 months ago (1 children)

I thought your passwordless passphrase passkey ssh connection that is superior to passwords was secure. Is it not?

[–] taladar@sh.itjust.works -2 points 10 months ago

It is. That is the whole point. Why would I make extra unprivileged accounts that can run any command I need to run as root at any time without a password on the system just to avoid it. That just increases the attack surface via any other vector by giving an attacker accounts to choose from to break into.