Re: edit root alias when installing the OS

On 1/5/06, Tommy Reynolds <Tommy.Reynolds@xxxxxxxxxxxxx> wrote:
Uttered n0dalus <n0dalus+redhat@xxxxxxxxx>, spake thus:

> I know other distributions do this, but I don't think it is a good
> idea. Adding the first user to /etc/sudoers means that any malware
> only needs to get that user's password, or get itself to run after you
> use sudo, and then it gets root access.
>
> I don't see what is wrong with using su.

1) Once any non-admin learns the root password, everybody knows the root
password.  And unless the admin wants to do every trivial admin
activity, the root password must be given out and thus compromised.

2) Root logins are security problems because you can't tell which
human actually logged on in the guise of root.  Whom do you fire,
even if you figure out what was done?

3) Sudo(1) allows fine control over which programs a user can run as
any other user.

4) With sudo(1), an authenticated user must reauthenticate to run a
program as another user.  (Trusted users need not reauthenticate.)

5) Sudo(1) logs the activity so you will have an audit trail.  System
console, and syslog.


Using sudo(1) is a big security win.  Unfortunately, the man(1) page
is a bit confusing for newbies and using su(8) seems so convenient.
But with a small setup step, I can safely allow:

        $ sudo rpm -Uvh /path/to/a/package

to be run by a trusted user because I'll get notices about the
attempt, its success or failure, as well as getting a record about
what command line was used.

HTH

Seems to me that there is a need for a system-config-sudo from someone who understands it all. I am ashamed to say that I know very little about it.

--
As a boy I jumped through Windows, as a man I play with Penguins.
-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
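The "small setup step" Tommy describes, written out as a sudoers(5) fragment (an added example, not the poster's own configuration; the user names, host, mail address and package path are assumptions). Each rule is tied back to the numbered points above, and the file would be edited with visudo(8) so a syntax error cannot lock out administration.

```sudoers
# Added example (not from the original post): sudoers policy for the
# "sudo rpm -Uvh" case above. User names, host, mailto and the package
# path are assumptions.

# Trusted users who may install packages. Naming people rather than
# sharing the root password ties each action to a human account (points 1, 2).
User_Alias  PKG_ADMINS = alice, bob

# Only rpm in upgrade mode (point 3). Trailing "*" is needed for the
# package path but also matches any further arguments; see note below.
Cmnd_Alias  RPM_UPGRADE = /bin/rpm -Uvh *

# Every invocation goes to syslog and to a dedicated log file, and the
# admin is mailed on each attempt, successful or not (point 5).
Defaults    syslog=authpriv, logfile=/var/log/sudo.log
Defaults    mail_always, mailto="root@localhost"

# Require the user's own password on every run, not just once per
# five-minute window (point 4). No NOPASSWD tag on the rule below.
Defaults    timestamp_timeout=0

# host = (run-as user) permitted commands
PKG_ADMINS  ALL = (root) RPM_UPGRADE

# Resulting audit record (constructed, in the format sudo writes):
# Jan  5 12:00:00 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ;
#   USER=root ; COMMAND=/bin/rpm -Uvh /path/to/a/package
```

A bare `*` in a Cmnd_Alias matches any argument string, so the rule permits more than a single package path; restricting it to a directory you control (for example `/bin/rpm -Uvh /var/local/pkgs/*`) narrows what a trusted user can install. Check the file with `visudo -c` after every change.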
