for everyone who's sick of sudo read this
Stephen Ward
s.ward at auckland.ac.nz
Thu Jun 30 00:10:55 UTC 2005
As I said - you need to take precautions, but at some point you have to
accept that root should have full control, reminders, warnings etc. are
all good, but if you are going to go to the extreme of "you shouldn't
need to do that therefore you can't" then we are starting down the
windoze track. There are often special exceptions where you might want
to do something even though it is extremely uncommon. So by all means,
warn, protect etc. but be careful not to go too far and stop people from
being able to do what they want to do. Of course people are not
perfect, but if the OS warns me and I do stupid stuff anyway - that's my
fault. The cost of stopping that possibility completely is too high.
Stephen R Laniel wrote:
>On Thu, Jun 30, 2005 at 11:04:31AM +1200, Stephen Ward wrote:
>
>
>>Basically, if you have permission to become root you should know what
>>you are doing so you should have full access. The control is to not
>>allow people to become root if they can't be trusted.
>>
>>
>
>Incorrect. You introduce security wherever you can. You make
>sure that your programming languages enforce data hiding,
>for instance, so that objects can't be put into an
>inconsistent state by a programming mistake. (C does not do
>this by default.) You keep your programs in their own memory
>spaces so that a crash in one program doesn't take the whole
>system down. (Mac OS 9 did not do this -- cooperative memory
>management theoretically performed better than Windows,
>because the OS didn't need to expend resources keeping
>things separate.) It's why you use compilers in the first
>place.
>
>You *never* assume that anyone is infallible. People make
>mistakes, and your system should be resilient against as
>many of those mistakes as possible. In particular, one
>way to do this is to make sure that your system files
>don't have any syntax errors in them. (Which is why,
>incidentally, I've thought for a while that Linux system
>files should use a common format with a rigid syntax --
>something like a DTD or an XML Schema -- so that before
>you save any of your config files, the system can check
>whether you made any typing mistakes.)
>
>Plus, if you make it easy to hose your system with the
>sudoers file, you give people another excuse to avoid using
>sudo altogether -- which is even worse.
>
>We're moving into an era when Linux will be used --
>hopefully -- by lots of people who don't have sysadmin
>backgrounds. So for one thing we want to give as few
>programs root privileges as possible, and for another we
>want to insure against errors by people when they *do*
>become root.
>
>
>
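The "check the config for typing mistakes before you save it" idea from the quoted message, applied to the sudoers case it mentions, as an added example that is not part of the original thread: a POSIX shell wrapper that runs a sudoers fragment through `visudo -c -f` and only installs it when it parses. It assumes visudo is present (in PATH or /usr/sbin); the file names and the sample rules are constructed.

```shell
#!/bin/sh
# Validate a sudoers fragment with visudo before installing it, so a typo
# never reaches the live configuration. Constructed example; not from the thread.

# visudo usually lives in /usr/sbin, which non-root shells may not have in PATH.
VISUDO=$(command -v visudo 2>/dev/null || echo /usr/sbin/visudo)

# check_sudoers FILE
#   returns 0 if FILE parses, 1 on a syntax error, 2 if visudo is unavailable.
check_sudoers() {
    [ -x "$VISUDO" ] || return 2
    # -c: check only; -f: check this file, not /etc/sudoers; -q: no chatter.
    # With -f, visudo skips the owner/mode checks, so this works on a
    # scratch file owned by an ordinary user.
    "$VISUDO" -c -q -f "$1" >/dev/null 2>&1
}

# install_sudoers_fragment SRC DEST
#   copies SRC to DEST (mode 0440) only after it passes the check, and never
#   leaves a half-written DEST behind: write to a temp file, then rename.
install_sudoers_fragment() {
    check_sudoers "$1" || return $?
    tmp="$2.tmp.$$"
    cp "$1" "$tmp" && chmod 0440 "$tmp" && mv "$tmp" "$2"
}

# Demonstration on constructed rules in a scratch directory.
demo() {
    d=$(mktemp -d)
    # Valid rule: members of group "deploy" may restart one service.
    printf '%%deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart app\n' > "$d/good"
    # Typo: the "=" between the host list and the runas spec is missing.
    printf '%%deploy ALL (root) NOPASSWD: /usr/bin/systemctl restart app\n' > "$d/bad"
    for f in good bad; do
        if install_sudoers_fragment "$d/$f" "$d/sudoers.d_$f"; then
            echo "$f: installed"
        else
            echo "$f: rejected, exit status $?"
        fi
    done
    rm -rf "$d"
}

demo
```

The same pattern works for a fragment destined for /etc/sudoers.d: check it as an unprivileged user first, then let a privileged step copy only a file that already passed.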