On Wed, Oct 22, 2008 at 9:55 AM, Mislav Marohnić <[EMAIL PROTECTED]>wrote:
> On Wed, Oct 22, 2008 at 16:41, David Masover <[EMAIL PROTECTED]> wrote: > >> >> For example: My SSH key has access to both the user the application runs >> as, and root. There's a reason we don't run applications as root -- but this >> gives that user the ability, temporarily, to obtain root. > > > Uh, you shouldn't log in as root. That's bad practice. Sysadmins often deny > the root user login rights. You should use a user that's a sudo-er for > administrative tasks. > First: Sudo is annoying, for this purpose. I've got passwordless SSH to all sorts of places, and yes, my key file is encrypted. If I can login as every user except root, I can still do quite a lot of damage. So, even if they can't get root, it provides a means for one application to steal another application's user, or for a sandbox experiment to jump into an application user. Me not logging in as root doesn't address the root cause (so to speak). Second: What does sudo actually buy, in terms of security? I am the admin. I built the virtual machine image. If I want to cause problems, nothing is going to stop me. All this would do is annoy me, pretty much like Vista's UAC. I understand the purpose of sudo on a desktop machine, but often, I end up doing 'sudo su -' anyway. So I consider ssh-ing as root to be a similar action -- it's like sudoing, but less annoying. Now, for the automated stuff, sure -- I should be using sudo, and I should have specific tasks as exceptions. Automate as much as possible, and run as little as possible as root. But sometimes, you just have to edit fstab, or add users, or muck with MySQL permissions, or copy some files (or change ownership on them), or distribute SSH keys, or a dozen other things you didn't plan for, and don't have a dedicated script to automate. --~--~---------~--~----~------------~-------~--~----~ To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/capistrano -~----------~----~----~----~------~----~------~--~---
