Using sudo to Keep Admins Honest? sudon't!

Alexander Jacob Tsykin stsykin at gmail.com
Sat Nov 4 07:17:03 GMT 2006 

Firstly, preventing a browser from ebing able to run something as root _is_ 
security, and frankly, him saying that it's not without bothering to explain 
why is weak, and jsut shows that he has no real argument, and simply dislikes 
sudo because he considers it inconvenient. If that is that case, jsut type 
sudo -i and be doen with it. Of course, this removes the advantage of not 
having root shells ever left unattended, but it does remove the 
inconvenience.

As for his argument, that systems administrators shoudl never be audited 
because if they are not trusted, they shoudl nto be systems administrators, 
that is simply stupid. No major company int eh world woudl say that all of 
its systems administrators are trustworthy because they have not yet been 
foudn to eb otherwise, of course audits are necessary. This becomes even more 
important with government where information critical to national security can 
be accessed if the appropriate priveleges are obtained. Logs are crucially 
necessary. Additionally, what happens if a systems administrator makes a 
mistake. They are not infallible. If logs are available, then their mistake 
can be tracked.

While the argument about the passwords being logged by a program woudl seem 
initially to eb cogent, consider, if the program can log the sudo password, 
they can also log the root password when it is typed in. There are no 
technical difficulties that would thi sany different (to the best of my 
knowledge). And having one password for system access instead of two (one to 
log in and then the root password) should not matter if a strong password 
with capital letters, lower case letters, adn numbers is used, preferably in 
a seemingly random arrangement, and particularly not based on birthdays, 
names, or other words.

I also used to be what this man calls a "sudo doubter," but I was converted, 
because I find it very convenient becuase, very simply, it allows the 
restriction fo priveleges. On a multi user system, aI can ensure that the 
various memebrs of my family if they use my computer cannot do anythign 
harmful to it out of a lack of knowledge for Linux. To do the same thing with 
root, I woudl have to remember an additional password. This way, I jsut don't 
allow them to use a sudo account.

Sasha

More information about the sounder mailing list