Using sudo to Keep Admins Honest? sudon't!
Alexander Jacob Tsykin
stsykin at gmail.com
Sun Nov 5 01:43:37 GMT 2006
The guy says quite clearly that the point of the root account is not to keep a
usert safe from his own mistakes. In my experience, even in Windows, having
the security actually compromised is quite rare, if you ahve a decent virus
scanner and firewall, and in Linux is almost non-existant. No, su does not
keep a computer safe from attack, because, principally, it's not a terribly
great danger anyway. Su, and sudo, do stop you from being able to do
somethign stupid from your own account, a much mroe valuable protection. I
knwo of at least one instance where this has saved a computer I was
administering (but somebody else was using at the time). Sudo makes that
protection even bettr by making it impossible to either log in a root or
leave a root shell open (unless somebody uses sudo -s, not recommended, or
sudo -i). I think that this protection is the most important thing in sudo,
and far from the irrelevant nothing that the article's writer dismisses it
as.
Sasha
More information about the sounder
mailing list