On Sun, Dec 21, 2008 at 01:23:20PM +1300, Simon Geard wrote:
>
> Besides, I don't really like configuring sudo to not need a password,
> even if I narrow it down to very specific commands. From experience,
> it's too hard to configure safely - I can obtain root shells on most of
> the servers at work by exploiting subtle sudo weaknesses, and I don't
> want to reproduce that on my own machine. I mostly use it as a more
> convenient syntax of 'su -c', requiring the root password rather than a
> user password to do anything.
>

I'm still having trouble understanding why people think sudo is safer, even where it is configured to require a password (I accept that restricting it to specific commands is safer, but probably inconvenient in BLFS). In OSX I have to type my user password the first time I sudo, but then ISTR I can continue to sudo for a period of time without repeating the password.

But then, people have been known to use empty passphrases with subversion - I can see the convenience (e.g. in svn blame), but it doesn't mean it's a good idea.

ĸen
-- 
the one time as tragedy, the other time as farce
