Using sudo to Keep Admins Honest? sudon't!
Alexander Jacob Tsykin
stsykin at gmail.com
Sat Nov 4 07:17:03 GMT 2006
Firstly, preventing a browser from ebing able to run something as root _is_
security, and frankly, him saying that it's not without bothering to explain
why is weak, and jsut shows that he has no real argument, and simply dislikes
sudo because he considers it inconvenient. If that is that case, jsut type
sudo -i and be doen with it. Of course, this removes the advantage of not
having root shells ever left unattended, but it does remove the
inconvenience.
As for his argument, that systems administrators shoudl never be audited
because if they are not trusted, they shoudl nto be systems administrators,
that is simply stupid. No major company int eh world woudl say that all of
its systems administrators are trustworthy because they have not yet been
foudn to eb otherwise, of course audits are necessary. This becomes even more
important with government where information critical to national security can
be accessed if the appropriate priveleges are obtained. Logs are crucially
necessary. Additionally, what happens if a systems administrator makes a
mistake. They are not infallible. If logs are available, then their mistake
can be tracked.
While the argument about the passwords being logged by a program woudl seem
initially to eb cogent, consider, if the program can log the sudo password,
they can also log the root password when it is typed in. There are no
technical difficulties that would thi sany different (to the best of my
knowledge). And having one password for system access instead of two (one to
log in and then the root password) should not matter if a strong password
with capital letters, lower case letters, adn numbers is used, preferably in
a seemingly random arrangement, and particularly not based on birthdays,
names, or other words.
I also used to be what this man calls a "sudo doubter," but I was converted,
because I find it very convenient becuase, very simply, it allows the
restriction fo priveleges. On a multi user system, aI can ensure that the
various memebrs of my family if they use my computer cannot do anythign
harmful to it out of a lack of knowledge for Linux. To do the same thing with
root, I woudl have to remember an additional password. This way, I jsut don't
allow them to use a sudo account.
Sasha
More information about the sounder
mailing list