Where’s The Sudo? The Current Portrayals and Betrayals of Permissions

What’s Up With the Lack of Permissions Discussion?

When sudo permissions are discussed at all, they are at best glossed over and at worst treated as though they had no importance. Many posts and instructional videos show how to set up a user with sudo privileges but never dig into details like the importance of granting only the minimum permissions required. Use cases beyond the single-user personal computer need tighter security, so setting up users with full sudo access they don’t need is careless in an instructional setting, and careless for your own machine to begin with. The way sudo is presented in most public content, a user either has superuser privileges or doesn’t. Clearly, there is much more to sudo than that.

Another case of carelessness I’ve seen is forgoing a sudo user entirely and doing every task as root. There is a time and a place where using root might be necessary, but far more often the best approach is to set up a user with sudo access and lock the root account. Commands run directly as root leave no sudo log entry tying the action to a person, so root can effectively go undetected in the logs for anything it does, and that is scary if someone gains access to your machine. Running only as root is the equivalent of leaving every door in your house wide open while you’re away on vacation: sure, someone has to find a way to your house first (gain remote or physical access to your computer), but once they’re there, what’s stopping them from taking everything inside? This is why root-only usage is not best practice.

Setting up users with the minimum permissions they need is always the way to go, whether it’s an enterprise environment or your personal computer. Nothing frustrates a malicious actor more than discovering that the extent of a user’s sudo privileges is nowhere near what they need to do their damage. Think of the tasks you realistically do on a daily basis. This varies widely from person to person, but let’s say the extent of your need for sudo is package maintenance: updating, installing, and removing packages is all you realistically need to do each day. So what would be the real harm in restricting your daily-driver account to sudo access for only those functions? If that is truly the only thing you need daily, it won’t be an inconvenience, and you can keep an additional account with broader sudo privileges for the rare occasions you need more. With this approach, if your everyday user is ever infected or compromised, you’ve effectively safeguarded the rest of the computer from further damage. Even though this is usually framed as best practice for less knowledgeable users, it’s not a bad idea to apply it to yourself as well. It’s the Standard User and Admin User approach to permissions, the way you would preferably set up a Windows machine.

When granting sudo permissions for only certain applications, you also have to watch out for the nasty ways someone can still escalate their privileges through the access they have. A common form of this is executing shell commands from inside a text editor like Vim. If you’re not careful and don’t ensure their entry in the sudoers file includes NOEXEC, they can run commands from Vim and BOOM, they’ve escalated to the undetectable root user. The same applies when they need to run shell scripts. Now they can’t spawn shell commands thanks to NOEXEC in their sudoers entry, but if they have sudo permission to run certain shell scripts while also being able to edit those scripts, you’re still in a world of hurt. All they need to do is add escalation commands to a script they are already permitted to run, and once again you’ve got a huge problem. Always be aware of the nuances of sudo permissions, as holes like these won’t always be an obvious side effect of a rule, but they leave you no better off than when you started.
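A sudoers fragment that puts the advice above into practice, covering the package-maintenance-only user, the NOEXEC editor case, and the editable-script trap. This is an added example, not configuration from the original post; the user name "alice", the Debian-style apt-get paths, the edited file and the script path are all assumptions.

```sudoers
# Added illustration, not from the original post. Paths are Debian/Ubuntu
# style; "alice", /etc/hosts and the script path are placeholders.
# Edit only via `visudo -f /etc/sudoers.d/alice` so a syntax error
# cannot lock you out; check the result with `sudo -l` as alice.

# --- Careless: the all-or-nothing grant most tutorials hand out ---
# alice   ALL=(ALL:ALL) ALL

# --- Least privilege: just the daily package-maintenance tasks ---
# "*" matches any argument string, so keep wildcards only where the
# task genuinely needs them and review each one.
Cmnd_Alias PKG_MAINT = /usr/bin/apt-get update, \
                       /usr/bin/apt-get upgrade, \
                       /usr/bin/apt-get install *, \
                       /usr/bin/apt-get remove *
alice   ALL=(root) PKG_MAINT

# --- Editors: NOEXEC stops the program from spawning child processes,
# so the editor's shell-escape command fails instead of handing out a
# root shell. (NOEXEC is deliberately NOT on apt-get above: it has to
# exec dpkg, and would simply break.)
alice   ALL=(root) NOEXEC: /usr/bin/vim /etc/hosts

# sudoedit is the safer way to grant a file edit: it copies the file,
# runs the editor as alice, then writes the copy back as root, so no
# editor ever runs with root privileges at all.
alice   ALL=(root) sudoedit /etc/hosts

# --- Scripts: NOEXEC on a shell script is pointless (the interpreter
# must exec every command), so the protection is ownership. The script
# must be root-owned and not writable by alice or any of her groups;
# otherwise she edits it and her commands run as root. Verify first:
#   stat -c '%U:%G %a' /usr/local/sbin/rotate-backups.sh  # root:root 755
# The trailing "" forbids any arguments.
alice   ALL=(root) /usr/local/sbin/rotate-backups.sh ""
```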

Although this was a mini rant brought on by seeing sudo omitted so often, I can’t encourage strongly enough the inclusion of more detailed and appropriate sudo setups in creators’ content. As someone who started from no knowledge, just like everyone else, I look back on the videos and media I consumed early on and wish I had seen more examples of the importance of sudo and security hardening as a whole. A lot of these guides on setting up a home server exposed to the internet show an astonishing lack of detail regarding operating system security, considering the exposure to threats they introduce. I guess if getting you hacked was secretly their plan, then it makes sense that they would let you assume no additions to sshd_config and sudoers were perfectly okay and normal…