Re: Sudo was[Re: Emacs from Xterm]
On Fri, Jul 05, 2002 at 02:15:42AM -0400, Travis Crump wrote:
> But "YourUserID ALL=/bin/bash" would also let a user do anything he
> wants. How do I as someone pretty inexperienced know which commands
> are equivalent to that and which are safe?
That's not an argument against sudo. You also don't consider passwd(1)
unsafe because someone inexperienced can choose a weak password like
'abc123', don't you? Nothing will (or can) stop you from creating huge
security holes if you are not careful enough.
For your question about which commands are safe and which are not: every
tool that can start arbitrary other tools is a big "No-no". Same for tools
that can access or modify arbitrary files. And the most important thing of
all: don't give people you can't trust any privileges.
If you have to give someone access to certain things which don't fit in
one of those categories, it can be considered a necessary evil and has to
be done. And using sudo, which lets at least partially control who is
allowed to do what as a privileged user is surely better than giving
people the rootpassword and full access.
--
The better the state is established, the fainter is humanity.
To make the individual uncomfortable, that is my task.
-- Nietzsche
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: