Re: sudo questions
On Fri, 2013-08-16 at 17:08 +0200, berenger.morel@neutralite.org wrote:
> Why would it be worse than a shared admin account? For the shared
> account, I can easily understand why it's not something to do, but I can
> not see the problem with multiple "root" accounts?
> (I did not said that the admins should use them for daily tasks, just
> that it was possible to use that to avoid changing a password when
> someone lost his rights.)
You give users the needed privileges, not more, not less. If a user
should need full root access, then it's ok too, this user also could get
the root password directly, since it anyway would be possible to change
the root password by this user, but you unlikely will give several users
those rights, since if you would do that, no admin is needed anymore.
It's not only a security risk regarding to viruses, data piracy etc.,
but also a risk that too many admins could mess up the stability of the
install.
You need an admin and alternate admins and users usually don't need any
kind of root privilege.
Don't confuse our home machines with servers of large companies, at home
we even don't need this level of security, resp. at home take care that
nobody can use a live media and chroot your install, so for the paranoid
home computer user, encrypt the drive, change your passwords 8 times a
day etc. ;), even don't store your keys anywhere, learn more than 2048
numbers by heart and type the complete key each time you want to do
something. IOW as long as somebody in your flat can turn on your machine
and insert a live media, you don't need to take that much care about
passwords, excepted of Internet security, such a machine can be hacked
by going the chroot route.
However, this su, sudo debate is nonsense. Don't confuse "I'm accustomed
too and would prefer" with "it's more or less secure".
Reply to: