On Tue, Jun 19, 2007 at 02:23:18PM +0930, n0dalus wrote: > Giving some users sudo access by default can easily make things less > secure. It means that accessing root becomes as easy as finding a > standard users' password. If there is some exploit successfully > executed on the user's account, I estimate chances are very high that > they can find the account's password saved in either the browser or > desktop environment settings and quickly gain root access. If they can compromise the user account of a system administrator who ever uses su or one of the usermode-enabled applications, the root password is very quickly suspect. This is largely a false sense of security. > While some people take the effort to use a different root password and > keep it separate from other passwords, very few people separate their > user account password from the myriad of other authentications, and > they shouldn't have to. It's reasonable and sensible that people reuse > their more trivial passwords, and for them to save their commonly used > passwords in commonly used applications. Yes, well, a system administrator enabled password isn't one of those trivial passwords. I agree with your point about myriads of passwords, but it's vital to recognize which ones are actually important. I'm not sure encouraging horrible password practice should be a design goal. > To my recollection, these are said advantages of sudo: (I will discuss > them and ways of implementing them without needing regular users to be > in sudoers directly) > 1) Don't have to repeat password as often > For people who want this feature, it is better written as a pam module > instead, which would allow it to be used for su, sudo and any other > access mechanisms (very extensible). Exists already. [...] > The usual way this is done is by having separate user accounts (one > for each person that needs root access) which are meant to exclusively > be used for doing privilege escalation. So people have a separate > account for their day-to-day work and their web browsing and document > writing, and su in to the special account to use sudo from there. This seems unrealistic. -- Matthew Miller mattdm@xxxxxxxxxx <http://mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/> -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
