cross-platform virus

[Shawn McMahon]

On Sun, Apr 09, 2006 at 10:41:36PM +1000, Sasha Tsykin said:
> >
> I have used Debian, Fedora, Gentoo, Sorcerer, Source Mage, Suse both 
> before and after Novell's acquisition, and afterwards Opensuse, Mandriva 
> and Mandrake. None have used sudo instead of su as Ubuntu does. These 
> are actually most of the major distributions (and a couple which are not 
> so major) so I don't see how one can argue that there are many Linux 
> distributions which agree with this position.

I think I see the problem here.  You don't understand how sudo works.

sudo isn't something you use instead of having a root account.  sudo is
something you use to give people escalated privileges with improved
logging, and to give them only the escalation they need.  You can't NOT
have a root account, normally. 

I'm not familiar with a couple of those distributions you mention, but
the rest all ship sudo, and recommend its use for pretty much exactly
what we're discussing.  In particular, RedHat, Fedora, and SuSE all
install sudo by default.  (At least SuSE used to; I haven't played with
recent versions.)

Now, for a single user system, many of the benefits of sudo are indeed
overkill; however, for any enterprise, tools for controlling the
escalation of provilege are absolutely essential for maintaining a
secure environment.  And it's not just used for escalation to root; it's
used for escalation of privilege to any account on the system.

Ubuntu has a root account, just as do all of those distributions and
every UNIX for that matter.  The only thing Ubuntu does differently than
some of them is lock the root password, and frankly the others are
clinging to antiquated concepts from non-PC UNIX hardware when they
don't do the same.

In an enterprise, people frequently have to perform duties that require
access to accounts for which it is not desirable that they have full
unfettered access.  While sudo isn't the only way to achieve this, it's
the most commonly-used way.

If we didn't have sudo at the Fortune 100 corporation where I work, we'd
have to change the root password on thousands of servers every time any
of hundreds of different people changed job responsibilities; and when
you count the non-root things we do with sudo, it'd be thousands of
people, not hundreds.  My entire job would consist of changing the root
password all day every day on the hundreds of UNIX/Linux servers for
which I bear part of the administration responsibility.

Is sudo necessary on a single-user home system?  No, it's not.  But it
or something like it is necessary on anything non-trivial, and there's
little point in teaching people to do things the wrong way.

Further, on single-user systems, making people remember two passwords
may seem on the surface to be more secure, but in the long run it isn't,
as they either will choose an awful root password so they can remember
it more easily, or will just make it the same as their user password.

Further, if you have to log in as root to install things, people will be
more tempted to su to root or log into the console as root and just do
all sorts of things that way, that don't require the access.  For
example, which of these is more secure:

su -
./configure
make
make install
run your program

or...

./configure
make
sudo make install
run your program

I, as a UNIX administrator for a Fortune 100 company that every single
person reading this list has heard of (hint; we're big enough that we
advertise in every Super Bowl halftime, our company name is commonly
used as a verb, and we have employees in every country including Iraq
and Afghanistan), who has as a primary job responsibility security
and SOX-404 compliance, believe it's the latter.  I can tell you
from much experience that without sudo or op or something similar,
even experienced administrators will do the former.  Oh, sure, you
can do this:

./configure
make
su -c 'make install'
run program

...but people won't.  And further, you'll be using a different method of
logging that on every platform, whereas with sudo, you're using the
exact same method to log it everywhere, making it easier to consolidate
said logs to prove SOX compliance.

There is no such thing as using sudo instead of having a root account;
there is such a thing as using sudo instead of giving out or even having
a root password, and that is something different than what you've been
saying.  However, there is an argument for using a root password instead
of sudo; all the benefits of that cease in any non-trivial application,
but certainly in the most trivial cases it's arguable.


-- 
   Shawn McMahon    | Ubuntu: an ancient African word meaning "I am sick
   EIV Consulting   | of compiling Gentoo".
 http://www.eiv.com |                       - Jeff Waugh (paraphrased)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : https://lists.ubuntu.com/archives/sounder/attachments/20060409/24269ad1/attachment.pgp