| 1 |
On Fri, 11 Nov 2011 21:10:27 +0100 |
| 2 |
Lorenzo Bandieri <lorenzo.bandieri@×××××.com> wrote: |
| 3 |
|
| 4 |
> > Then you must be using a single-user machine. Like your own laptop |
| 5 |
> > or desktop. |
| 6 |
> > |
| 7 |
> > sudo is absolutely necessary on any multi-user machine unless you |
| 8 |
> > like security holes. |
| 9 |
> > |
| 10 |
> > Instead of bashing sudo, it's better to find out what problem it is |
| 11 |
> > designed to solve, then determine if you have that problem. It does |
| 12 |
> > have a point, and a very valuable one too, you just seem to not have |
| 13 |
> > seen it yet. |
| 14 |
> |
| 15 |
> Yes, Alan, you're right, I'm on a single-user machine. I apologize, I |
| 16 |
> should have made it clear. |
| 17 |
|
| 18 |
No worries :-) |
| 19 |
|
| 20 |
> Indeed, I can see that in a multi-users |
| 21 |
> machine sudo is useful. I just don't agree on the Ubuntu policy of |
| 22 |
> using sudo instead of root by default, assuming that it provides more |
| 23 |
> security. I don't want to start a flame war about sudo vs su, sorry if |
| 24 |
> I sounded rough! |
| 25 |
|
| 26 |
Well, it's worth discussing, as sudo on Ubuntu *does* improve security, |
| 27 |
but you have to think a little about how first. |
| 28 |
|
| 29 |
It's not IT security it provides, it's human security. As I mentioned |
| 30 |
to Dale, it encourages people to think a little more about what they |
| 31 |
are doing. It's not perfect, but nothing is. |
| 32 |
|
| 33 |
Unix has always been very strong on initial authentication and rather |
| 34 |
weak on authorization thereafter. If you can prove you know the root |
| 35 |
password, you get the keys to the kingdom until the end of time |
| 36 |
(defined as logout) - it's an all or nothing approach which obviously |
| 37 |
cannot possibly fit RealLife. |
| 38 |
|
| 39 |
sudo may or may not implement an authorization scheme that's suitable |
| 40 |
for use, but the need for it is undeniable. It's easy to get |
| 41 |
authorization completely wrong and go over the top, take SE-Linux. It's |
| 42 |
very design and complexity encourages sysadmins to find ways to switch |
| 43 |
it off! And they mostly do - with a single boot parameter in grub.... |
| 44 |
|
| 45 |
|
| 46 |
-- |
| 47 |
Alan McKinnnon |
| 48 |
alan.mckinnon@×××××.com |
Archives