Re: Excessive root usage in Debian
Bjoern Brill <brill@samson.math.uni-frankfurt.de> writes:
> > I don't understand why that would be more secure than giving them root
> > access. Even giving them access to /etc/vimrc would be a security loophole
> > if root ran vim. Many - maybe most - config files let you run an arbitrary
> > program at some point.
> >
> There are at least three different aspects to consider:
>
> 1. protection against security compromises:
> For this, giving anyone but root administrative power tends to open
> security leaks. As you said, everybody who can alter config files (or
> write to raw devices to run fsck or...) can compromise the whole system.
> So everything you get are more accounts that have to be safeguarded at any
> price.
This is a logically silly point, since with our existing system this
people have to be given full root access anyway. How is giving them
access to a particular user or group less secure, given that the worst
that could happen is that they could obtain the same access that they
must have now?
--
John Goerzen Linux, Unix consulting & programming jgoerzen@complete.org |
Developer, Debian GNU/Linux (Free powerful OS upgrade) www.debian.org |
----------------------------------------------------------------------------+
Remote from Kansas
Reply to: