SELinux vs. sudo and usermode

[Matthew Miller]

In many ways, the sudo and usermode programs are kludgy attempts to achieve
what SE Linux does for real -- separate out root powers. Certain users can
be delegated to run only certain programs with root privileges.

Sudo also acts as the sysadmin's swiss army knife. Common practice here is
to have all sysadmins use sudo for _anything_ that needs to be run as root.
This has the advantage of documenting all actions (by agreement, not
enforced, of course), and the convenience of not needing to actually know
the root password.

Likewise, the usermode program allows any user to provide the root password
in order to run the various system-config-* programs. I have a patch (see
<https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=86188>) which allows
members of a given group ("wheel", typically) to authenticate with their
*own* credentials to gain access to these programs. (Other users are
prompted for the root password.)

There's an obvious security tradeoff, here: instead of needing to know two
passwords, one only needs one's own. On the other hand, it removes the need
to manage root passwords for desktop users or for large numbers of machines,
and is an undeniable convenience.

So, since I'm just diving into SE Linux -- how does this _work_ in the Brave
New World?

Is sudo obsolete? Is my usermode patch now pointless? Can this be
accomplished another way? *Should* it be accomplished at all? 

Thanks!


-- 
Matthew Miller           mattdm at mattdm.org        <http://www.mattdm.org/>
Boston University Linux      ------>                <http://linux.bu.edu/>