On 03/28/2012 01:19 PM, Joe Zeff wrote:
On 03/28/2012 08:29 AM, Reindl Harald wrote:
on a usual desktop PC with a standard-user it is a VERY bad
idea because any attacker only needs to try "sudo anything"
to get full control over the machine
My thoughts exactly. Except under very unusual circumstances I'm the
only person who ever uses this PC, but I don't have sudo set up with
nopassword. In fact, as I know the root password (being the person who
installed Fedora) I don't have sudo set up at all. AIUI, sudo was
written to allow people *who don't have the root password* limited
access to administrative commands.
Yes, I understand that there are times you have to use sudo instead of
su in a production environment to ensure that everything gets logged,
but I've never understood why anybody would do it at home. YMMV and all
that jazz, but if this is a home box, I'd suggest asking yourself why
you're bothering with sudo in the first place.
The only real issue there is I'm usually running multiple consoles and I
don't always pay enough attention to keep track of which console is
running root. If I use sudo I know that I can't do anything stupid in a
console that will trash the system. I may blow up my own crap, but
that's why we have backups. And that's why sudo is much safer to use
than logging in as root, at least from the command line.
--
Mark Haney
Software Developer/Consultant
AB Emblem
markh@xxxxxxxxxxxx
Linux marius.homelinux 3.3.0-4.fc16.x86_64 GNU/Linux
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
