Date: Thu, 25 Mar 1999 19:32:48 -0500 From: Garance A Drosihn <drosih@rpi.edu> To: Jeff Aitken <jaitken@aitken.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: sudo (was Re: Kerberos vs SSH) Message-ID: <v04011702b3207e12087b@[128.113.24.47]> In-Reply-To: <199903252320.SAA07455@eagle.aitken.com> References: <v04011701b32060ab1ee4@[128.113.24.47]> from Garance A Drosihn at "Mar 25, 1999 05:05:18 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
At 6:20 PM -0500 3/25/99, Jeff Aitken wrote: > Out of curiosity, to what programs do you typically grant people > sudo access? Is it not true that most "useful" programs a sysadmin > might need to do his job contain some way of exec'ing another > program? For example, you can't use sudo to grant access to a text > editor of any sort without implicitly giving full root access. Anyone allowing 'sudo vi' deserves what they get, the same way that anyone pasting their root password on their monitor deserves what they get. Why do we bother with passwords at all, if there are people who do stupid things with passwords? We give sudo access to something like 'lpc', for starting or stopping printer queues. Or we have special reboot scripts (yes, scripts). We'll trust people to do reboots as they feel necessary (particularly since sudo will log the action), but not give out root access to a few dozen part-time students who work in our help desk. Similar we have programs to fix one odd problem or another (such as "restarting portmap", which is a recent problem on our AIX boxes), and those part-time students might be allowed to do that. We admin some unix machines that we do not own. We give the owner (and maybe their grad students) access to a few things they need access to, and rightfully deserve access too, without having to worry about them "fixing" some problem in a way that breaks some of our automatic procedures. And we can do this without having to keep track of hundreds of different passwords for root (on different unix machines). And even when it's someone we trust, like, say, *ME*, there is an advantage to using sudo. an 'rm *' in the wrong window (such as a 'su'-ed window) aren't quite as catastrophic. Yes, a 'sudo rm *' can be bad news, but I am not likely to type sudo unless I'm really sure I need special privs for something. It also means we have a log of priv commands done, useful when something goes haywire and you think 'uh, what just happened?'. (remember, we're in an environment with multiple sysadmins, since we are dealing with a few hundred unix workstations running solaris, aix, or irix). In some environments sudo may seem pointless, but in other situations it can be quite helpful. --- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or drosih@rpi.edu Rensselaer Polytechnic Institute To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?v04011702b3207e12087b>