On Wed, Sep 13, 2000 at 10:23:14PM -0800, Ethan Benson (erbenson@alaska.net) wrote: > On Wed, Sep 13, 2000 at 08:56:32PM -0700, Bob Nielsen wrote: > > > > I use sudo, logged in as a regular user. It's generally considered a > > security risk to be logged in as root, and a bit less of a risk to use > > sudo or fakeroot. > > well it depends on how you setup sudo, IMO letting your non-privileged > account run anything as root via sudo is a bad idea. it essenially > turns your non-privileged account password into the root password. > > sudo bash > > yeck. The advantage in a multiuser environment is that you providing (and controlling) root access at the user level rather than at the system level. Eg, Tim, Bob, Alice, and Nate have access to a system. Tim, Alice, and Nate are admins. Nate is canned for violating company SOP. If Tim, Alice, and Nate shared the root password, you need to: - Change the root password. - Tell Tim and Alice If root access was provided via sudo: - Remove Nate from the /etc/sudoers file. In no case do you have to worry about poor old Bob, who's just a dumb luser. Maybe you want to give him limited access to the print queue -- see the sudo docs for info on how to do this. Use of sudo also allows denying *all* remote root access. Hit the system as a normal user first, then go root. Ideally, the root account password is simply not well known, and console admin is done only when absolutely required, with password being created at this time or unsealed as needed. -- Karsten M. Self <kmself@ix.netcom.com> http://www.netcom.com/~kmself Evangelist, Opensales, Inc. http://www.opensales.org What part of "Gestalt" don't you understand? Debian GNU/Linux rocks! http://gestalt-system.sourceforge.net/ K5: http://www.kuro5hin.org GPG fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0
Attachment:
pgpjqDJ406Kwj.pgp
Description: PGP signature