Date:      Tue, 20 Jan 2009 21:23:32 -0700
From:      Tim Judd <tajudd@gmail.com>
To:        Clifton Royston <cliftonr@lava.net>
Cc:        Akenner <SlackWareWolf@comcast.net>, questions@freebsd.org
Subject:   Re: Edit user groups
Message-ID:  <4976A344.3090106@gmail.com>
In-Reply-To: <20090120222942.GB26526@lava.net>
References:  <49762F6C.8040404@comcast.net> <20090120222942.GB26526@lava.net>

Clifton Royston wrote:
> On Tue, Jan 20, 2009 at 03:09:16PM -0500, Akenner wrote:
>   
>> Hi,
>>
>> I'm using FreeBSD 7.1-RELEASE and I have multiple user accounts set up. 
>> I made about 4 for myself to use and do various testing with, and made 
>> some for my Wife as well because She knows UNIX better than I do anyway heh.
>>
>> Anyway, one of the things I forgot about, was that FreeBSD by default 
>> doesn't allow just anyone to use su.
>>     
>
> Good advice given so far (pw is a good tool, direct editing works) but
> I'd also suggest you consider installing and using sudo; I always
> install it on all of my systems and use it probably 10-20 times as
> often as su.
>
>   -- Clifton
>
>   
and I recommend against sudo because its very design is a 
man-in-the-middle type of scenario, and one typo by the sudo devs can 
possibly make a mess out of things.

I think sudo makes a lazy admin -- too easy to just run in and hit 
something.

I think sudo is a false sense of security.  If a user trusts another, 
and gives sudo access, why not give the whole OS to them?

Sudo's out there -- don't get me wrong, but you won't catch me dead with 
a box with sudo installed.  I think it's a very misleading tool.  And 
not to say they do -- but what if the devs put in a keygen...do you 
monitor the sudo source code?

And if I remember correctly -- the way sudo gets its work done is a 
SUID bit to root.  Those are the devil's eggs that hatch and just cause 
havoc.  A rogue CGI calling sudo to do something on the website, buffer 
overflow (with php!) and you've gotten rooted.

No, no -- I hate sudo for its own doing.  It's going to eat itself alive.

</rant>  No flames please.


