sudo and /etc/sudoers
Smoot Carl-Mitchell
smoot at tic.com
Tue Dec 30 15:39:01 UTC 2008
On Tue, 2008-12-30 at 08:20 -0500, Mark Haney wrote:
> Sudo is not only important, it's vital for secure consistent and
> granular control of root permissions for users. Without it, you can't
> manage controls OR figure out who did what if an audit trail is needed.
Amen to this. sudo is not perfect in these regards, but it is a heck of
a lot better than running root shells which until sudo came along was
the only way to manage Unix systems. Security experts have known for a
long time the weakness of having uid "0" be a "special" account. Check
out the kernel sources sometime and see how many places there are checks
to see if the effective userid is zero.
Ideally, there would be no "root" account. Access privileges would be
controlled by a more granular system. sudo is an attempt to implement
such a system on top of the imperfect uid "0" system.
--
Smoot Carl-Mitchell
System/Network Architect
smoot at tic.com
+1 480 922 7313
cell: +1 602 421 9005
More information about the ubuntu-users
mailing list