On Mon, 12 Jan 2015, Przemek Klosowski wrote:
> There still needs to be an administrative access to the system, and the most common implementation is by enabling 'sudo' on the non-privileged account. So, in a sense you are both right: this feature is just a small step rather than a security panacea, but it does bring real improvements in several areas:
Disagree :P
> - increases difficulty of the attack by banning stupid automated BF attacks on root
Do you use PrzemekKlosowski as your username on your Fedora? I doubt it. It is more likely to be przemek, klosowski or pklosowski. In fact, often this is revealed in mail headers (e.g. "sendmail invoked by user paul"). More often, people will have 2 to 4 character usernames. So this information is far from secret, and easily guessable. Compared to the dictionary this does in fact not make the problem any harder at all. However, you have made legitimate automated root logins much harder now, like me calling rsync as root for backups, which are not easily done wrapped in sudo :P
> - improves accountability for administrative actions (we know which admin messed up :)
Nonsense. For non-malicious logins, sudo leaves as much of a trail as sshd, which tells you which credentials were used to log in. For malicious logins, once root access is obtained via password-less sudo, the evidence is removed from the logs. sudo offering a better audit trail is a misconception that's been around for years.
> - allows more granularity in granting elevated privileges across a set of machines and admins
Nothing in the current setup is preventing you from allowing non-root remote access. Blocking direct root access does not "allow more granularity". You already have all the granularity if you want to use it.

Paul