Le 16.08.2013 17:43, Ralf Mardorf a écrit :
On Fri, 2013-08-16 at 17:08 +0200, berenger.morel@neutralite.org wrote:Why would it be worse than a shared admin account? For the sharedaccount, I can easily understand why it's not something to do, but I cannot see the problem with multiple "root" accounts?(I did not said that the admins should use them for daily tasks, justthat it was possible to use that to avoid changing a password when someone lost his rights.)You give users the needed privileges, not more, not less. If a usershould need full root access, then it's ok too, this user also could get the root password directly, since it anyway would be possible to change the root password by this user, but you unlikely will give several usersthose rights, since if you would do that, no admin is needed anymore. It's not only a security risk regarding to viruses, data piracy etc.,but also a risk that too many admins could mess up the stability of theinstall.You need an admin and alternate admins and users usually don't need anykind of root privilege.
I did not mention giving root privileges for all users, but Richard Hector said that one of "su"'s problems was that every admin would need to know the same password, and that if one of them must lost his rights, the new password should be given to all remaining admins. So I said that this was wrong, since it is possible to have more than one admin account. I did not said that those admin accounts should be used for daily tasks.
About having only one admin... I think the best is to have 2, because what will happen if one have can not connect when there is a problem? So, imho, sudo to make multiple "full admins" is not better than su. For partial admin rights, sudo have the advantage of better granularity, but, as few people said, I think that a normal user's password is ( or should be ) more easily stolen than the root password, since this last one should be used only with special care. But this can be configured, I guess. I do not really mind, since I do not need sudo.
Don't confuse our home machines with servers of large companies, at home we even don't need this level of security, resp. at home take care that nobody can use a live media and chroot your install, so for the paranoid home computer user, encrypt the drive, change your passwords 8 times a day etc. ;), even don't store your keys anywhere, learn more than 2048numbers by heart and type the complete key each time you want to dosomething. IOW as long as somebody in your flat can turn on your machineand insert a live media, you don't need to take that much care aboutpasswords, excepted of Internet security, such a machine can be hackedby going the chroot route.
Of course. My user password is a very short one here, I would never use it for real business. My root pass on the other hand should give some problems to an attacker, and the password of that mail address is even stronger ( it's easier and more useful to target my mail provider than my desktop, and since I use su quite often - updates, playing with funny commands - I prefer an average password easy to write )
However, this su, sudo debate is nonsense. Don't confuse "I'm accustomedtoo and would prefer" with "it's more or less secure".
I agree. The problem is rarely the tools, it's how they are used ( I think the best example on that are Windows' antiviruses and firewalls, which are only burning resources and money for nothing depending on the user ) . My first intervention was to fix someone which said that root accounts are unique, with all the problems implied by shared accounts ( password communication, lacks of identification of who made what... ). Then, a real admin replied, so I took the occasion to learn and understand few more things, even if I do not apply them at home: maybe I'll have to manage a server one day, so any knowledge is good to take :)