user created at install added in sudoers ?

Matthew Miller mattdm at mattdm.org
Tue Jun 19 10:46:32 UTC 2007


On Tue, Jun 19, 2007 at 02:23:18PM +0930, n0dalus wrote:
> Giving some users sudo access by default can easily make things less
> secure. It means that accessing root becomes as easy as finding a
> standard user's password. If there is some exploit successfully
> executed on the user's account, I estimate chances are very high that
> they can find the account's password saved in either the browser or
> desktop environment settings and quickly gain root access.

If they can compromise the user account of a system administrator who ever
uses su or one of the usermode-enabled applications, the root password is
very quickly suspect. This is largely a false sense of security.


> While some people take the effort to use a different root password and
> keep it separate from other passwords, very few people separate their
> user account password from the myriad of other authentications, and
> they shouldn't have to. It's reasonable and sensible that people reuse
> their more trivial passwords, and for them to save their commonly used
> passwords in commonly used applications.

Yes, well, a system administrator enabled password isn't one of those
trivial passwords. I agree with your point about myriads of passwords, but
it's vital to recognize which ones are actually important. I'm not sure
encouraging horrible password practice should be a design goal.

> To my recollection, these are said advantages of sudo: (I will discuss
> them and ways of implementing them without needing regular users to be
> in sudoers directly)
> 1) Don't have to repeat password as often
> For people who want this feature, it is better written as a pam module
> instead, which would allow it to be used for su, sudo and any other
> access mechanisms (very extensible).

Exists already.

[...]
> The usual way this is done is by having separate user accounts (one
> for each person that needs root access) which are meant to exclusively
> be used for doing privilege escalation. So people have a separate
> account for their day-to-day work and their web browsing and document
> writing, and su in to the special account to use sudo from there.

This seems unrealistic.


-- 
Matthew Miller           mattdm at mattdm.org          <http://mattdm.org/>
Boston University Linux      ------>              <http://linux.bu.edu/>




More information about the fedora-devel-list mailing list