Re: Orwell's 1984 from Freedesktop,org?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Fri, January 23, 2015 2:05 pm, Warren Young wrote:
> On Jan 23, 2015, at 12:35 PM, Valeri Galtsev <galtsev@xxxxxxxxxxxxxxxxx>
> wrote:
>
>> As a matter of fact I tend to not use GUI admin tools since long ago.
>
> Bring back Xconfigurator!
>
>> I do prefer 3ware web RAID admin
>> interface anything else (it more transparently prevents me from making
>> fatal blunders - probably just me).
>
> No, not just you.  tw_cli is needlessly confusing in its command
> structure.
>
> Compare the operation of the ZFS and btrfs command line tools, to see how
> it should have been done.
>
>> And yes, disabling root user and having sudo instead is on my evil list
>> too: yet another SUID-ed binary, and potential holes due to some garbage
>> in config file?
>
> Given how old and battle tested sudo is, I think we can trust it.
>
> My only remaining unease comes from the fact that the sudo binary is about
> 4x the size of su.
>
> Still, I?m glad RH finally made it usable out of the box with EL7.  The
> default config in prior versions was only usable by root, which made it
> little other than an alias for su.
>
>> BTW, su (with the same password for root as regular user
>> has), and attempt to use sudo are the fist two things bad guys try when
>> they log in with stolen password of regular user (after a compromise of
>> machine elsewhere).
>
> So don?t use the password for root or sudo-capable users elsewhere.  If
> you don?t know for a fact that the connection is secure and the password
> is securely hashed, use a different password.

That is exactly what I meant to say to everybody (if you read the rest of
what I wrote you will realize that I don't make blunders of this
magnitude!). Thanks for spelling it out in more plain Engish language than
I managed to ;-)

Valeri

>
> Sudo offers many advantages that sudo does not, which counterbalance its
> risks, IMHO.

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux