[geeks] root equivalent user

Greg A. Woods woods at weird.com
Wed Oct 23 16:29:45 CDT 2002


[ On Wednesday, October 23, 2002 at 15:32:56 (-0500), Steven Hill wrote: ]
> Subject: Re: [geeks] root equivalent user
>
> > That won't help in this particular situation.  Giving sudo access is
> > almost always equivalent to giving root access.
> 
> Uhh, not if you tie it to particular commands, or other priviledged user
> (such as runtime accounts...)
> 
> I see the almost always, btw.
> 
> Methinks sudo is most likely to be the best solution.

I would strongly recommend that nobody ever use sudo unless they have a
_VERY_ deep and complete understanding of not only the Unix Security
Model, but also a deep and broad understanding of the intended system(s)
and the security policies which apply to them.

Sudo almost always gives a false sense of security -- i.e. it appears to
be more secure than it really is.

I've never yet encountered an installation where sudo was both useful
enough to be worth using and maintaining and yet was secure at the same
time.

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods at ieee.org>;           <woods at robohack.ca>
Planix, Inc. <woods at planix.com>; VE3TCP; Secrets of the Weird <woods at weird.com>



More information about the geeks mailing list