Using sudo to Keep Admins Honest? sudon't!
Derek Broughton
news at pointerstop.ca
Mon Nov 6 13:33:55 GMT 2006
Alexander Jacob Tsykin wrote:
> On Monday 06 November 2006 06:32, Derek Broughton wrote:
>> Tristan Wibberley wrote:
>> > No, you should log out of the second account, and then in to the first
>> > account giving a securable route (via gdm, bugs notwithstanding).
>>
>> Except it's NOT a securable route - unless you're going to remove "su"
>> from the system completely, because what a user "should" do is not what
>> they're _likely_ to do when given a choice between simple and more
>> complex options.
>>
>> In any case, I fail to see how gdm is more secure than sudo.
> The point was that you log into you ":administrator account" to use sudo,
> and your other account for all other tasks.
No, the point was that logging in via gdm is a "securable route".
There's two reasons why that's not valid. Unless you remove "su" (possible,
but not stated as necessary in the argument), any user who has access to a
privileged account, whether that account is "root" or the initial Ubuntu
account, can "su" to that account from their own session _and will do so_.
Since use of su isn't logged, you have achieved nothing over letting the
user use the privileged account in the first place. Secondly, there is
nothing I know of in GDM (or xdm/kdm) that is inherently more secure than
using sudo.
--
derek
More information about the sounder
mailing list