Date: Tue, 20 Jan 2009 21:23:32 -0700 From: Tim Judd <tajudd@gmail.com> To: Clifton Royston <cliftonr@lava.net> Cc: Akenner <SlackWareWolf@comcast.net>, questions@freebsd.org Subject: Re: Edit user groups Message-ID: <4976A344.3090106@gmail.com> In-Reply-To: <20090120222942.GB26526@lava.net> References: <49762F6C.8040404@comcast.net> <20090120222942.GB26526@lava.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Clifton Royston wrote: > On Tue, Jan 20, 2009 at 03:09:16PM -0500, Akenner wrote: > >> Hi, >> >> I'm using FreeBSD 7.1-RELEASE and I have multiple user accounts set up. >> I made about 4 for myself to use and do various testing with, and made >> some for my Wife as well because She knows UNIX better than I do anyway heh. >> >> Anyway, one of the things I forgot about, was that FreeBSD by default >> doesn't allow just anyone to use su. >> > > Good advice given so far (pw is a good tool, direct editing works) but > I'd also suggest you consider installing and using sudo; I always > install it on all of my systems and use it probably 10-20 times as > often as su. > > -- Clifton > > and I recommend against sudo because it's very design is a man-in-the-middle type of scenario, and one typo by the sudo devs can possibly make a mess out of things. I think sudo makes a lazy admin -- too easy to just run in and hit something. I think sudo is a false sense of security. If a user trusts another, and give sudo access, why not give the whole OS to them? Sudo's out there -- don't get me wrong, but you won't catch me dead with a box with sudo installed. I think it's a very misleading tool. And not to say they do -- but what if the devs put in a keygen...do you monitor the sudo source code? And if I remember correctly -- the way sudo gets it's work done is a SUID bit to root. Those are the devil's eggs that hatch and just cause havoc. A rogue CGI calling sudo to do something on the website, buffer overflow (with php!) and you've gotten rooted. No, no -- I hate sudo for it's own doing. It's going to eat itself alive. </rant> No flames please.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4976A344.3090106>