
Re: sudo vs. su (was Re: new to list, new to debian, new to linux)



In <20090522183807.GA16565@markshroyer.com>, Mark Shroyer wrote:
>On Fri, May 22, 2009 at 06:56:18AM -0700, Thorny wrote:
>> You've just advised an obvious newbie (stated in post) on how to make
>> his system insecure. Giving ALL=(All) ALL rights to a normal user is
>> pretty much the same as running as root and is not recommended on a
>> Debian system.

It's not equivalent to running as root, since (a) you have to prefix 
privileged operations with "sudo", (b) you have to re-auth such actions by 
entering your password and (c) your sudo credentials will time out 
automatically after they are not used.

Using the NOPASSWD option is (usually) bad, but still leaves protection "a" 
from the above list in place.

>> It is what was asked for, sort of, but he may not have
>> have realized the significance.
>
>I have to call shenanigans on this.  What's the threat model, exactly,
>where it is safer to have a regular user su'ing to root than to have him
>use sudo to the same effect?

I also find the sudo approach scales better.  When one (super) user leaves 
the organization, you disable his or her credentials but leave the other 
users' credentials alone.  It's much better than having to change root's 
password and communicate that change to many people.  Because of security 
concerns, passwords should be shared among as few people as possible; sudo (and 
some other tools) lets you do this with root privileges.

Even if you don't agree that asking for the user's password instead of 
root's password is a good thing, you can have sudo ask for root's password 
so that you get the "security" of su with the added flexibility of sudo.
-- 
Boyd Stephen Smith Jr.           	 ,= ,-_-. =.
bss@iguanasuicide.net            	((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy 	 `-'(. .)`-'
http://iguanasuicide.net/        	     \_/
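The points argued above (per-user credentials, password re-prompting, the credential timeout, the discouraged NOPASSWD form, and having sudo ask for root's password instead) as a sudoers fragment; this is an added illustration, not configuration from the thread or from Debian's packaging, and the user names are made up.

```sudoers
# Added example: the settings discussed in the thread, as they would appear
# in /etc/sudoers (edit with visudo, which checks the syntax before saving).

# Debian's default: members of group "sudo" may run anything as any user,
# after authenticating with their OWN password.  Removing a departing admin
# from the group revokes his access; nobody else has to learn a new password.
%sudo   ALL=(ALL:ALL) ALL

# Protection (c): cached credentials expire after N minutes of non-use.
# 0 asks for the password on every sudo call; -1 would disable the timeout.
Defaults        timestamp_timeout=5

# Protection (b) done the "su way": prompt for root's password rather than
# the invoking user's.  Per-user revocation is still handled by the group,
# but the root password is now shared again, so most sites leave this off.
# Defaults      rootpw

# Discouraged form from the thread: protection (a) (the explicit "sudo"
# prefix) remains, but (b) and (c) are gone for this user.
# alice   ALL=(ALL) NOPASSWD: ALL

# Narrow NOPASSWD grants are less harmful than NOPASSWD: ALL, e.g. for a
# backup job that must not be prompted; bob is a constructed user name.
bob     ALL=(root) NOPASSWD: /usr/bin/rsync

# Keep a record of every command run through sudo.
Defaults        logfile=/var/log/sudo.log
```

After editing, `sudo -l` shows the rules that apply to the current user, and `visudo -c` reports syntax errors without installing the file.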
