On Fri, 11 Nov 2011 21:10:27 +0100
Lorenzo Bandieri <lorenzo.bandi...@gmail.com> wrote:

> > Then you must be using a single-user machine. Like your own laptop
> > or desktop.
> >
> > sudo is absolutely necessary on any multi-user machine unless you
> > like security holes.
> >
> > Instead of bashing sudo, it's better to find out what problem it is
> > designed to solve, then determine if you have that problem. It does
> > have a point, and a very valuable one too, you just seem to not have
> > seen it yet.
> 
> Yes, Alan, you're right, I'm on a single-user machine. I apologize, I
> should have made it clear. 

No worries :-)

> Indeed, I can see that in a multi-user
> machine sudo is useful. I just don't agree on the Ubuntu policy of
> using sudo instead of root by default, assuming that it provides more
> security. I don't want to start a flame war about sudo vs su, sorry if
> I sounded rough!

Well, it's worth discussing, as sudo on Ubuntu *does* improve security,
but you have to think a little about how first.

It's not IT security it provides, it's human security. As I mentioned
to Dale, it encourages people to think a little more about what they
are doing. It's not perfect, but nothing is.

Unix has always been very strong on initial authentication and rather
weak on authorization thereafter. If you can prove you know the root
password, you get the keys to the kingdom until the end of time
(defined as logout) - it's an all or nothing approach which obviously
cannot possibly fit RealLife.

sudo may or may not implement an authorization scheme that's suitable
for use, but the need for it is undeniable. It's easy to get
authorization completely wrong and go over the top, take SE-Linux. Its
very design and complexity encourages sysadmins to find ways to switch
it off! And they mostly do - with a single boot parameter in grub....


-- 
Alan McKinnnon
alan.mckin...@gmail.com
