On Sun, 2006-01-08 at 13:21 +1030, n0dalus wrote:
> If there are admins that you can't trust 100% with the root password,
> you shouldn't be giving them sudo access either (unless you really
> tighten down sudoers and deny-by-default, which probably won't come as
> a default configuration).

You use sudo because you can then revoke access to individual admins. If everyone knows the root password, the only way to revoke access is to change the root password. Then you have to inform all the other admins.

And if the root password is leaked? How do you know who leaked it? Who do you fire? You may never know. With sudo, you'll know whose password was leaked or cracked. A multiple admin scenario is exactly why sudo exists.

> Weak passwords are not sudo's fault, but statistically the more users
> in sudoers the easier it becomes to get root access. It doesn't matter
> how strong the passwords are.

How many admins are you expecting here? The more admins you have, the more sudo becomes preferable due to the above problem.

> Putting users by default into an
> allow-everything sudoers is weakening one of UNIX's most effective
> layers of security.

Wait, which one is that? Traditional unix's all-or-nothing approach to security is probably its biggest design flaw. (Hence why SELinux exists.)
-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
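The accountability argument in the message above, as an added example that is not part of the original post: a parser for sudo's syslog lines that attributes each root command, and each denied attempt, to the invoking account. The log lines are constructed samples, and the function names `parse_sudo_line` and `attribute` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in sudo's syslog format (not from the original post).
SAMPLE_LOG = """\
Jan  8 13:02:11 build1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/yum update
Jan  8 13:05:40 build1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/sbin/service httpd restart
Jan  8 13:09:02 build1 sudo:    carol : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/bash
Jan  8 13:15:27 build1 sudo:     dave : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/dave ; USER=root ; COMMAND=/bin/cat /etc/shadow
Jan  8 13:20:00 build1 su: (to root) erin on pts/4
"""

# "sudo:" or "sudo[pid]:", then the invoking account, then ';'-separated fields.
LINE_RE = re.compile(r"sudo(?:\[\d+\])?:\s+(?P<admin>\S+) : (?P<fields>.*)$")

def parse_sudo_line(line):
    """Return a dict for one sudo log line, or None if it is not a sudo event."""
    m = LINE_RE.search(line)
    if not m:
        return None
    head, _, command = m.group("fields").partition("COMMAND=")
    # "admin" is who ran sudo; the logged USER= field (stored as "user") is the target.
    event = {"admin": m.group("admin"), "command": command.strip(), "denied": None}
    for part in head.split(";"):
        part = part.strip()
        key, sep, value = part.partition("=")
        if sep:
            event[key.lower()] = value   # tty, pwd, user
        elif part:
            event["denied"] = part       # e.g. "3 incorrect password attempts"
    return event

def attribute(log_text):
    """Group root-targeted sudo events by the account that invoked them."""
    report = defaultdict(lambda: {"ran": [], "denied": []})
    for line in log_text.splitlines():
        ev = parse_sudo_line(line)
        if ev is None or ev.get("user") != "root":
            continue
        bucket = "denied" if ev["denied"] else "ran"
        report[ev["admin"]][bucket].append(ev["command"])
    return dict(report)

if __name__ == "__main__":
    for admin, acts in sorted(attribute(SAMPLE_LOG).items()):
        print(admin, acts)
```

The constructed `su` line yields no entry in the report: a session opened with the shared root password carries no per-command record tied to an individual account.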