Another reason *to* use sudo?

Ben Edwards funkytwig at gmail.com
Mon Nov 22 16:12:04 UTC 2004


On Mon, 22 Nov 2004 13:48:01 +0000 (GMT), Paul Sladen
<sounder at paul.sladen.org> wrote:
> On Mon, 22 Nov 2004, Ben Edwards wrote:
> 
> Hello Ben,
> 
> > We were trying to decide whether to enable root on the Ubuntu PCs we
> > have been setting up at a community center
> 
> I strongly recommend you do not.
> 
> > If you ssh into a box the password of the initial account you log in is
> > _not_ encrypted
> 
> This is untrue.  SSH stands for 'Secure SHell'.  OpenSSH is developed by the
> OpenBSD team and ensures end-to-end crypto of everything---passwords most
> importantly.
> 
> The first time you SSH login to a new machine you'll be asked to confirm the
> 'fingerprint' of the machine at the other end.  This is to make sure you are
> talking to the machine you expect and not to somebody pretending to be that
> server.
> 
> > your password could be snifed
> 
> Only if you're using unencrypted Telnet, FTP or POP3.  You must be nuts if
> you do that.
> 
> > I should also mention that the good thing about sudo which is not on
> > the RootSudo page is that you can selectively give people access to
> > various aspects of roots privileges
> 
> Given that you yourself are talking about the merits of using 'sudo', why
> are you questioning your own decision and considering changing the
> out-of-the-box configuration to something you are less sure about?

"We were trying to decide" was how my email started - i.e. we have not
yet made a desision.  There have been various discusions about sudo
both before and after I put the first version of the
http://wiki.ubuntu.com/RootSudo.  One thing that everybody (exept you)
else concedes (in threads I have read here whitch are most) is that it
is by all means a cut and dry desision.  There are pros and cons and
it depends on the enviroment you are in.  We are using LDAP/NFS
'/home' / Terminal Servers) and all these element have an impact into
the decision.  Anyway the basic stuff is laid out at
http://wiki.ubuntu.com/RootSudo.

Ben

> 
>        -Paul
> --
> Is there no safe way to travel?  Nottingham, GB
> 
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> http://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> 


-- 
Ben Edwards - Poole, UK, England
WARNING:This email contained partisan views - dont ever accuse me of
using the veneer of objectivity
If you have a problem emailing me use
http://www.gurtlush.org.uk/profiles.php?uid=4
(email address this email is sent from may be defunct)




More information about the ubuntu-users mailing list