kdesu and sudo
soul.rebel at web.de
Thu Apr 21 18:56:08 UTC 2005
> That's crap, and you know it. Give people access to a root account, and
> they inevitably use it when they shouldn't.
and how is it that you speak for 'people' ? how do you know how i use my root account? you can never stop ignorant people from doing follish things, the sudo concept wont stop a user from misusing root prevliges if he WANTS to do so.
> When I run a script out of my
> user account, it cannot do anything harmful, either. Unless I prefix it
> with "sudo" - and how, in effect, is that the slightest bit different than
> the old option of typing "su".
like fabien pointed out YES IT IS! a script or executable can contain a call to sudo without you knowing and it will do stuff as root! of course you can read through scripts before running them if you want to (although it should not be necessary) but i am not sure if you want to dissassemble your elf code before running it.
> You can _always_ install kdesu from Debian, and allow logins on the root
> account. You _have_ the choice.
> I'm not
> going to go to the trouble of rewriting what I think is a good piece of
> software for somebody who doesn't have a clue about security.
dont get personal.
> when I'm not a kubuntu developer in the first place.
than dont assume i am talking to you when i talk about coding in kubuntu, after all this is a mailing list!
> 2. kdesu has a checkbox to select between using "su" or "sudo",
> 3. The privileged, initial user (sudo) is given a complicated password, and
> treated almost the same as root user (of a traditional distro), hidden at
> the login user selection menu, and users are discouraged to login with it
> except administrative tasks,
> 4. Other user(s) created for daily work.
i dont approve of these steps, whats the point of having a kdesu, if your daily-work-account cant change time in kde?
> you could have any system command automatically invoke sudo every time
> anybody invoked it
ahhhh.... DO NOT. this would make it incompatible to non-sudo setup which is afterall still a legit way of setting ubuntu up! and whats the point of this anyway? you could just as easy (and senselessly...) setuid root on the command and have it be executable only by a certain user group!
the root account has long tradition in unix for reason, dont dispose of it that easily.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the kubuntu-users