[SLUG] sudo vs su [WAS: Re: Lindows experience]

2005-08-20 Thread Sridhar Dhanapalan
On Wed, 17 Aug 2005 11:56, Jeff Waugh [EMAIL PROTECTED] wrote:
> <quote who="Sridhar Dhanapalan">
> > Also, are there any security implications of this? Doesn't it mean that
> > in a default setup, any local user can gain root access? Please correct
> > me if I'm wrong.
>
> Absolutely not. Have a look at /etc/sudoers to see the configuration. In
> warty, it gave full sudo access to the initial user created. In hoary, it
> gives full sudo access to members of the admin group (which the initial
> user is a member of).
>
> There is a FAQ about using sudo on the Ubuntu site (disconnected atm, so
> can't give you the URL), which discusses some of the security issues. It
> comes down to the fact that using sudo is highly recommended generally,
> we've just chosen to make that the default configuration.

Being involved in the PCLinuxOS project, and being impressed with 
Ubuntu's/Mac's implementation of sudo, I decided to propose to the PCLinuxOS 
mailing list that we implement a similar setup. Apart from a couple of 
people, most have responded with jeers and even suspicion. One other 
developer even accused me of pimping for Ubuntu/Apple, despite the fact that 
I'm one of the oldest contributors to the project (not to mention being an 
admin).

The most annoying thing is that most people on that list have no idea what I'm 
talking about, yet they feel the need to put in their (totally uninformed) 
opinions.

Does anyone have any information I can say in support of an Ubuntu-style sudo 
over standard su?

Thanks.


-- 
Sridhar Dhanapalan  [Yama | http://www.pclinuxonline.com/]
  {GnuPG/OpenPGP: http://dhanapalan.webhop.net/yama.asc
   0x049D38B4 : A7A9 8A02 78CB AB1B FCE4 EEC6 2DD9 249B 049D 38B4}

Who controls the past controls the future: who controls the present controls 
the past -- Eric Blair (AKA George Orwell)


-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] sudo vs su [WAS: Re: Lindows experience]

2005-08-20 Thread Matt Hope
On 8/20/05, Sridhar Dhanapalan [EMAIL PROTECTED] wrote:

> Does anyone have any information I can say in support of an Ubuntu-style sudo
> over standard su?

From my experience, there are all kinds of advantages to using sudo over su:

 - Auditability (commands are (by default) logged to syslog)
 - 'sudoedit' - *very* useful tool
 - No need for a shared admin password

The following paper (that I happened to be reading earlier today)
mentions these points, and why it was more appropriate for their site
- and why they disabled 'su' from users:
http://www.usenix.org/publications/login/2004-12/pdfs/singer.pdf

HTH.
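Matt's auditability point, as an added example that is not part of the original thread: a short Python parser over constructed log lines in sudo's classic syslog format, attributing each command to the invoking user and separating out refused attempts. The host name, users and commands are made up, and the last sample line is a constructed su-style session record, included only to show that it carries no command to audit.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the thread); the last is an su-style record.
SAMPLE_LOG = """\
Aug 20 10:02:11 box sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Aug 20 10:03:47 box sudo:    alice : TTY=pts/1 ; PWD=/etc ; USER=root ; COMMAND=sudoedit /etc/fstab
Aug 20 10:05:40 box sudo:      bob : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/sh
Aug 20 10:07:02 box sudo:    carol : 3 incorrect password attempts ; TTY=pts/3 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/less /etc/shadow
Aug 20 10:09:15 box su[4321]: + pts/4 dave:root
"""

LINE_RE = re.compile(
    r"^(?P<when>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssudo:\s+"
    r"(?P<user>\S+)\s:\s(?P<rest>.*)$"
)

def parse_sudo_line(line):
    """Return a dict for one sudo syslog line, or None if it is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # COMMAND= is always the last field and may itself contain ';'.
    head, sep, command = m["rest"].partition("COMMAND=")
    if not sep:
        return None
    rec = {"when": m["when"], "user": m["user"],
           "command": command.strip(), "reason": None}
    for part in (p.strip() for p in head.split(";")):
        if "=" in part:
            key, value = part.split("=", 1)
            rec[key] = value       # TTY, PWD, USER (the run-as account)
        elif part:
            rec["reason"] = part   # e.g. "user NOT in sudoers"
    return rec

def audit(log_text):
    """Split sudo events into per-user allowed commands and refused attempts."""
    allowed, denied = defaultdict(list), []
    for line in log_text.splitlines():
        rec = parse_sudo_line(line)
        if rec is None:
            continue               # not a sudo record (for example the su line)
        if rec["reason"]:
            denied.append((rec["user"], rec["reason"], rec["command"]))
        else:
            allowed[rec["user"]].append((rec.get("USER"), rec["command"]))
    return dict(allowed), denied

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```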


Re: [SLUG] Lindows experience.

2005-08-20 Thread Matt Hope
On 8/17/05, Alan L Tyree [EMAIL PROTECTED] wrote:

> In fact, it seems to me
> that later users have (by default) too few privileges, at least for use
> in a home environment. I'm not saying that is wrong, but in a home
> environment you probably want to allow secondary users to use the CD,
> connect to the Internet, audio devices, etc. The default new user has
> none of these rights. Dead easy to add them through the graphical
> user/group controls though.

Personally, I set up libpam-devperm instead - this changes the
ownerships of specified devices (for example, the sound devices like
/dev/dsp) to the user who is logging in.

In my experience, this has been easier than adding extra users to a
handful of groups.

I'd strongly recommend Ubuntu consider following this path - I can't
see any cases where a user should be able to log in at a graphical
terminal, but not allowed to use sound, or the cdrom.

 - Matt.


Re: [SLUG] RedHat at UOW

2005-08-20 Thread Simon Males


Robert Barnett wrote:

> Hi,
>
> I have a colleague from Uppsala University, Sweden. He uses ITK/VTK for
> data processing and manipulation of Medical Images. He currently has a
> post-doc position which is shared between UOW and a Sydney hospital.
> He's informed me that UOW would not let him use his RedHat (Fedora Core
> 3) machine on the campus network because they only allow for approved
> OSes to connect to the network.


/me UOW student

I'm guessing that he wishes to install Fedora on a UOW supplied 
machine? If he brought his own hardware he could connect wirelessly 
assuming he doesn't need any specific networked resources (though 
printing could be a difficulty). I believe academics are (maybe were) 
allowed to connect their laptops via ethernet.


Further, the 3rd year Computer Science project lab used to have Fedora 2 
or 3.


Personally I would take it higher than the ITS department.

--
Simon Males [EMAIL PROTECTED]


[SLUG] Re: RedHat at UOW

2005-08-20 Thread Matthew Palmer
On Sat, Aug 20, 2005 at 07:20:37PM +1000, Simon Males wrote:
> I'm guessing that he wishes to install Fedora on a UOW supplied 
> machine? If he brought his own hardware he could connect wirelessly 
> assuming he doesn't need any specific networked resources (though 
> printing could be a difficulty). I believe academics are (maybe were) 
> allowed to connect their laptops via ethernet.

Postgrads normally get to do whatever inhuman things they like to the
machines they get given, primarily on a "just don't expect us to help you
fix it" basis.  When I was in CompEng, most of the postgrads in TITR were
running Linux on their desktops, and nobody seemed to care.

> Further, the 3rd year Computer Science project lab used to have Fedora 2 
> or 3.

They'll probably be Debian Sarge now, like most of the rest of the CompSci
machines now.

- Matt


Re: [SLUG] Lindows experience.

2005-08-20 Thread Sridhar Dhanapalan
On Wed, 17 Aug 2005 11:56, Jeff Waugh [EMAIL PROTECTED] wrote:
> <quote who="Sridhar Dhanapalan">
> > Also, are there any security implications of this? Doesn't it mean that
> > in a default setup, any local user can gain root access? Please correct
> > me if I'm wrong.
>
> Absolutely not. Have a look at /etc/sudoers to see the configuration. In
> warty, it gave full sudo access to the initial user created. In hoary, it
> gives full sudo access to members of the admin group (which the initial
> user is a member of).

Is it a good idea to give *full* sudo access to the initial user by default? 
This sounds like a security problem to me.

-- 
Sridhar Dhanapalan  [Yama | http://www.pclinuxonline.com/]
  {GnuPG/OpenPGP: http://dhanapalan.webhop.net/yama.asc
   0x049D38B4 : A7A9 8A02 78CB AB1B FCE4 EEC6 2DD9 249B 049D 38B4}

You have no idea the evil we do on a regular basis. ... The worst type of 
criminals don't carry a gun, they take your money legally.
-- Anonymous MCI Worldcom employee, June 2002


Re: [SLUG] Lindows experience.

2005-08-20 Thread Terry Collins

Sridhar Dhanapalan wrote:

> Is it a good idea to give *full* sudo access to the initial user by default? 
> This sounds like a security problem to me.


Yes, if you want your distro to be useful to the average Tom, Dick & 
Mary on the street.

--
   Terry Collins {:-)}}} email: terryc at woa.com.au  www: http://www.woa.com.au
   Wombat Outdoor Adventures Bicycles, Computers, GIS, Printing, Publishing


 People without trees are like fish without clean water


[SLUG] This is hilarious

2005-08-20 Thread computer_geek1
Hi,

I just took this fun personality test and thought you'd like it, too. Take it 
and see how you score (you'll also get to see my score at the end):

What Breed of Dog Are You?
http://web.tickle.com/invite?test=1000type=t

Ron


Re: [SLUG] SQL-ledger and IDENT fatal error...

2005-08-20 Thread Taryn East
* Howard Lowndes [EMAIL PROTECTED] spake thus:
> You did restart your Postgresql after you changed pg_hba.conf...?

good question - I have a feeling I may not have, but Michael's posts had
that as an instruction so I did it this time...

oh, and I should probably have posted to the list saying that his
instructions worked for me - I think I just emailed him personally...

Thanks, though :)
Taryn

 
-- 
This .sig temporarily out-of-order.
We apologise for any inconvenience
- The Management