cross-platform virus
Sasha Tsykin
stsykin at gmail.com
Sun Apr 9 23:07:52 BST 2006
Shawn McMahon wrote:
> On Sun, Apr 09, 2006 at 10:41:36PM +1000, Sasha Tsykin said:
>> I have used Debian, Fedora, Gentoo, Sorcerer, Source Mage, Suse both
>> before and after Novell's acquisition, and afterwards Opensuse, Mandriva
>> and Mandrake. None have used sudo instead of su as Ubuntu does. These
>> are actually most of the major distributions (and a couple which are not
>> so major) so I don't see how one can argue that there are many Linux
>> distributions which agree with this position.
>
> I think I see the problem here. You don't understand how sudo works.
>
> sudo isn't something you use instead of having a root account. sudo is
> something you use to give people escalated privileges with improved
> logging, and to give them only the escalation they need. You can't NOT
> have a root account, normally.
>
ok
> I'm not familiar with a couple of those distributions you mention, but
> the rest all ship sudo, and recommend its use for pretty much exactly
> what we're discussing. In particular, RedHat, Fedora, and SuSE all
> install sudo by default. (At least SuSE used to; I haven't played with
> recent versions.)
>
none of them come with sudo configured however, and most users don't bother.
> Now, for a single user system, many of the benefits of sudo are indeed
> overkill; however, for any enterprise, tools for controlling the
> escalation of privilege are absolutely essential for maintaining a
> secure environment. And it's not just used for escalation to root; it's
> used for escalation of privilege to any account on the system.
>
thank you, I didn't know that
> Ubuntu has a root account, just as do all of those distributions and
> every UNIX for that matter. The only thing Ubuntu does differently than
> some of them is lock the root password, and frankly the others are
> clinging to antiquated concepts from non-PC UNIX hardware when they
> don't do the same.
>
I know this, but all of them do it, without any issue. This is actually
one of the biggest problems other Linux people face when migrating to
sudo, they have no idea how to access root permissions, and of course if
we think that we know Linux then "we don't need to read the
wiki/documentation." I was guilty of this too so I have a personal
outlook on it.
<snip>
> Further, on single-user systems, making people remember two passwords
> may seem on the surface to be more secure, but in the long run it isn't,
> as they either will choose an awful root password so they can remember
> it more easily, or will just make it the same as their user password.
>
but the same arguments apply to their normal password, most people
choose an awful password, so here there is no particular difference.
> Further, if you have to log in as root to install things, people will be
> more tempted to su to root or log into the console as root and just do
> all sorts of things that way, that don't require the access. For
> example, which of these is more secure:
>
> su -
> ./configure
> make
> make install
> run your program
>
I certainly never did this when I was using other distributions.
Sasha
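
Added example, not part of the original message or of any distribution's shipped configuration: a sudoers fragment showing the three properties described in the quoted text (only the escalation needed, escalation to an account other than root, and logging). The user names, group name, command paths and log path are assumptions made for illustration.

```sudoers
# Constructed example; users, group, command paths and log path are hypothetical.

# Broad grant, shown commented out for contrast: members of group admin
# may run any command as any user.
# %admin  ALL=(ALL) ALL

# Narrow grants: each rule names the target account and the exact commands.
Cmnd_Alias PKG_UPDATE  = /usr/bin/apt-get update, /usr/bin/apt-get upgrade
Cmnd_Alias WEB_RESTART = /etc/init.d/apache2 restart

# alice may update packages as root and nothing else.
alice   ALL=(root) PKG_UPDATE

# bob may restart the web server as root, and may run psql as the
# postgres account (escalation to a non-root account).
bob     ALL=(root) WEB_RESTART
bob     ALL=(postgres) /usr/bin/psql

# Record each sudo invocation (invoking user, tty, working directory,
# target user, command) in a dedicated file in addition to syslog.
Defaults logfile=/var/log/sudo.log
```

With these rules bob would reach the second grant with `sudo -u postgres psql`. A fragment like this can be syntax-checked with `visudo -c -f <file>` before it is installed.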