sudo: what is the point?

Eric Dunbar eric.dunbar at gmail.com
Sat Nov 27 10:19:36 CST 2004


At the risk of being redundant...

It seems to me that "sudo" is a (much?) more secure solution to access
control than "su" or "root" (as a Mac OS X user I was used to sudo, and
found su & root seemingly insecure ways of implementing access control
when I started on YellowDogLinux (Fedora Core 2 derivative), and found
Ubuntu's solution sensible).

(in case any developers are watching -- these suggestions are made
with usability in mind. You should only have to access the CLUI if
you're doing things that the majority of users don't need)

Here's a little bit of a GUI wish-list for Users & Groups in GNOME (&
would give Ubuntu or Linux a bit more of a leg up in the ease-of-use
category for admins since visudo is not exactly what you'd call a
user-friendly app... most admins don't have the time to fiddle with
CLUI (and, surprisingly, many can't touch type)):

1. allow a full admin to set a user flag, "Allow user to administer
computer" (i.e. add user to sudoers with ALL=(ALL) ALL; Mac OS X uses
this);

2. refine said option (go one step fu[a?]rther than OS X) by
allowing the creation of classes of pseudo-admins with limited
abilities. e.g. allow pseudo-admin to run list xyz of apps as root;
allow user to install, install/remove, remove apps.

3. (idea) have a (GUI-based) option to allow a pseudo-admin to create
users with equal and/or lesser privileges (and, you could even limit
the accounts said user could create to lesser privs only for e.g., and
perhaps even to force such accounts to expire after a set period).
This would allow an admin to delegate user-creation to users who are
otherwise computer ignoramuses (e.g. department heads, secretaries,
designated departmental individuals, etc.), without sacrificing
security/system stability in the process. And, this process would
allow some users to create temporary accounts for visitors which
automagically disappear after a specified period, and, thus don't end
up cluttering up the system.

(Is #3 possible?... I imagine so, but it'd be nice to be able to do so
through the GUI since it'll require a lot of fiddling with sudoers to
achieve the desired effect)

I realise most, if not all (#3?) of these are presently possible, but
I don't see a quick & easy way to do so through the Users & Groups
interface.

(& please, can we keep the Linux chauvinism to a minimum. Just because
something is implemented in OS X (a *nix-like, mixed-OSS/proprietary
OS) or  Windows (non-*nix) doesn't mean that it couldn't improve the
Linux/Ubuntu computing experience)

Eric.

On Sat, 27 Nov 2004 13:25:58 +0100, Arnold Maestre
> > >Among others, with sudo the user only needs to remember one password,
> > >his own: there is no additional "root" password. Additionally, sudo
> > >allows you to precisely tune which user can do what on which machine,
> > >without handing out the keys to your systems.
> >
> > That makes sense to me. So "sudo" allows one to allow specific users to
> > execute privileged commands without having to know the root password?
> 
> Exactly. From the man page: "sudo allows a permitted user to execute a
> command as the superuser or another user, as specified in the sudoers
> file." Authorizations are handled in /etc/sudoers, and can be tuned
> very precisely. For example, you could allow a certain user, or
> category, to run a command with certain parameters, say, you could
> allow junior admins to install packages (apt-get install) but not to
> remove packages (apt-get remove). You can also allow certain commands
> to be run without passwords.
> 
> For more info:
> man sudo
> man sudoers
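
A sudoers fragment covering the delegation discussed in this message (wish-list items 1 and 2, and the quoted junior-admin case), as an added example that is not part of the original post. The user name "alice", the group "junioradmins", the alias names and the file name are assumptions, as is a sudo build that reads fragments from /etc/sudoers.d.

```sudoers
# Added example, not from the thread. All names below are hypothetical.
# Check syntax before installing the file:
#   visudo -c -f /etc/sudoers.d/delegation

# Item 1: a full administrator ("Allow user to administer computer").
User_Alias FULLADMINS = alice
FULLADMINS ALL = (ALL) ALL

# Item 2 and the junior-admin case: a class of limited admins who may run
# only the listed commands as root. Nothing else is granted, so
# "apt-get remove" is refused simply because it is not listed.
Cmnd_Alias PKG_INSTALL = /usr/bin/apt-get install *
Cmnd_Alias PKG_REFRESH = /usr/bin/apt-get update

# Password required for installs.
%junioradmins ALL = (root) PKG_INSTALL

# No password for the index refresh. Arguments are given exactly, so
# "apt-get update" with any extra option does not match this rule.
%junioradmins ALL = (root) NOPASSWD: PKG_REFRESH

# Caveat: "*" in the argument position matches the whole remaining command
# line, options included, so PKG_INSTALL is broader than "install a named
# package". For tighter control, list exact package names, or point the
# rule at a root-owned wrapper script that validates its arguments.
```

Treat any install right as significant privilege: package maintainer scripts run as root, so the people in the limited group still need to be trusted with what they install.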


