Re: edit root alias when installing the OS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 2006-01-08 at 13:21 +1030, n0dalus wrote:
> If there are admins that you can't trust 100% with the root password,
> you shouldn't be giving them sudo access either (unless you really
> tighten down sudoers and deny-by-default, which probably won't come as
> a default configuration).

You use sudo because you can then revoke access to individual admins. If
everyone knows the root password, the only way to revoke access is to
change the root password. Then you have to inform all the other admins.

And if the root password is leaked? How do you know who leaked it? Who
do you fire? You may never know.

With sudo, you'll know who's password was leaked or cracked.

A multiple admin scenario is exactly why sudo exists.

> Weak passwords are not sudo's fault, but statistically the more users
> in sudoers the easier it becomes to get root access. It doesn't matter
> how strong the passwords are.

How many admins are you expecting here? The more admins you have, the
more sudo becomes preferable due to the above problem.

> Putting users by default into an
> allow-everything sudoers is weakening one of UNIX's most effective
> layers of security.

Wait, which one is that? Traditional unix's all-or-nothing approach to security is probably its biggest design flaw. (Hence why SELinux exists.)

Attachment: signature.asc
Description: This is a digitally signed message part

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux