Quote:
Unless you mean that "ALL=(ALL:ALL) ALL" type stuff Ubuntu likes to use, which is perhaps just almost the same as logging in as root really. If I use sudo on a machine, it's a ton more restrictive for general users.
Quote:
That's a key requirement to logging in as root, which is removed when one uses sudo. Additionally, it's very difficult to properly secure sudo such that it gives only the functionality desired. For instance, cp/tar/chown/chmod/etc. can all be used to completely own the system if the following is true:

1) I have login to an unprivileged user
2) I have that user's password (if required for the user to sudo)
3) that user is allowed to sudo any one of those commands as root (and they're not completely 100% spelled out)

sudo is VERY powerful, VERY confusing, and VERY often misconfigured. Give me any command where I can write a file as super-user, and your system is mine. Give me any command where I can leak information reserved to a super-user, and your system will probably be mine. And in both of these cases, the audit trail can't even be trusted (unless you log it off the box... you DO log to a separate machine, right?).

Please note: I don't sit on one side or the other of this debate. I know what I use, and I am comfortable with it. There are tradeoffs that will always apply, and make some security objectives unattainable, while providing others. The best you can do is lock down what you can lock down, mitigate what you can mitigate, and keep a vigilant eye towards your systems for any type of suspicious activity. But that's all common knowledge (I think).
Quote:
I'll agree that most people don't configure *most* things properly. I disagree that sudo is difficult to secure :) This, btw, is the difference between "your neighbor's kid who uses linux" and a professional 80-100k/year sysadmin. Someone on my team here would be fired immediately for something most "good with linux" people wouldn't even notice or care about.

Of course, properly secured systems also limit logins to the very fewest possible people, and audit (tripwire, whatever you like to use) every single thing they do. Even things like someone who has permissions modifying a system without proper change control will result in dismissal. Su/sudo by themselves are nothing without the proper framework to fix the underlying *social* issues. Someone caught logging into root bypassing sudosh or other logging measures would be fired on the spot.

For desktops though, the main focus of this forum, the default user having sudo with everything is really no different from having root.
Every admin has their own user over LDAP. Nobody knows the root password.
If an admin needs privileged access, they can use su -, and if the user is in the right group then he has root privilege. It's not the wheel group; it is different for every server group and is managed over LDAP. Every su - is reported to most of the admins so that they know a root is working on a machine.
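
Added example, not part of any post in this thread: a small Python check for the sudoers problem discussed above, flagging a full ALL grant and any rule that lets a user run cp/tar/chown/chmod as root with arguments that are not spelled out. It assumes one rule per line with no aliases or line continuations; the sample sudoers text, user names and paths are constructed.

```python
import os
import re

# Commands the thread names as enough to own a system when run as root.
FILE_WRITERS = {"cp", "tar", "chown", "chmod"}
SPEC = re.compile(r"^(?P<who>\S+)\s+[^=\s]+\s*=\s*(?:\((?P<runas>[^)]*)\))?\s*(?P<cmds>.+)$")
TAG = re.compile(r"^(?:[A-Z_]+:\s*)+")  # strips NOPASSWD:, NOEXEC:, ...

# Constructed sample sudoers content (users and paths are made up).
SAMPLE = """\
# constructed sample
%sudo   ALL=(ALL:ALL) ALL
backup  ALL=(root) NOPASSWD: /bin/tar
deploy  ALL=(root) /bin/cp /srv/build/app.conf /etc/app/app.conf
web     ALL=(root) /bin/chown www-data /var/www/*
ops     ALL=(www-data) /bin/cp
"""

def audit_sudoers(text):
    """Return (line_number, who, reason) for each risky grant."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "@", "Defaults")):
            continue
        if "_Alias" in line.split("=")[0]:
            continue  # aliases are not expanded (assumption: none in use)
        match = SPEC.match(line)
        if not match:
            continue
        # With no Runas spec, sudo runs the command as root.
        runas = (match["runas"] or "root").split(":")[0]
        if not {u.strip() for u in runas.split(",")} & {"root", "ALL"}:
            continue  # target user is not the super-user
        for cmd in match["cmds"].split(","):
            parts = TAG.sub("", cmd.strip()).split()
            if not parts:
                continue
            if parts[0] == "ALL":
                findings.append((number, match["who"], "unrestricted ALL"))
            elif os.path.basename(parts[0]) in FILE_WRITERS:
                # A bare command permits any arguments; wildcards do too.
                args = parts[1:]
                if not args or any(c in a for a in args for c in "*?["):
                    findings.append((number, match["who"], f"{parts[0]} arguments not pinned"))
    return findings

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE):
        print(finding)
```

The deploy rule passes because both paths are fixed, and the ops rule is skipped because its target user is not root.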