
Re: edit root alias when installing the OS



On 1/6/06, Tommy Reynolds <Tommy Reynolds megacoder com> wrote:
>
> 1) Once any non-admin learns the root password, everybody knows the root
> password.  And unless the admin wants to do every trivial admin
> activity, the root password must be given out and thus compromised.
>
> 2) Root logins are security problems because you can't tell which
> human actually logged on in the guise of root.  Whom do you fire,
> even if you figure out what was done?
>
> 3) Sudo(1) allows fine control over which programs a user can run as
> any other user.

I agree that for multi-admin systems sudo is useful.

> 4) With sudo(1), an authenticated user must reauthenticate to run a
> program as another user.  (Trusted users need not reauthenticate.)
>
> 5) Sudo(1) logs the activity so you will have an audit trail.  System
> console, and syslog.

Unless you really lock down sudo, there are many ways to make a
seemingly harmless command in the log be really devastating. For
example, run `sudo <scripting language interpreter>` and before you
know it someone running the 'php' command has just done a whole lot of
damage to the system.

I am the only person who needs root access on my systems, so I don't
really need to use sudo.

I use Fedora as a desktop, and I would hate it if the root user was
disabled by default (and you were forced to use sudo). Of course users
shouldn't be logging in as root, but removing the idea of a root user
entirely is just bad. Adding the first user to sudoers by default is
only making the system insecure, and it weakens the unix concept of
root. Before you know it every user will be in sudoers (just like
every Windows user is an administrator) and the system will only be as
safe as its weakest password.

I think people can handle the concept of root just fine as it is. We
should not be dumbing it down and weakening the security of the
systems by default.

I think the WinXP login screen is good with the way it doesn't show
the 'Administrator' user unless you press a key-combination -- maybe
gdm could do something similar and not let you log in as root until you
press something. Users need to be taught to respect the root account,
not taught to think that every user should be able to perform system
operations by putting in their password.

n0dalus.
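
The audit-trail gap raised in the message above (sudo logs only the interpreter that was started, not what it then did) can be checked for on the defender's side. The following is an added example, not part of the original post: it scans sudo syslog entries and flags those whose logged command is a shell or scripting-language interpreter. The interpreter list and the sample log lines are constructed assumptions.

```python
import os
import re

# Standard sudo syslog entry: "<user> : TTY=... ; PWD=... ; USER=... ; COMMAND=..."
SUDO_RE = re.compile(
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : .*?"
    r"USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.+)$"
)

# Assumed, non-exhaustive set of programs that run arbitrary code.
INTERPRETERS = {"sh", "bash", "zsh", "ksh", "php", "perl", "python", "ruby"}

# Constructed sample input in the usual sudo log format.
SAMPLE_LOG = [
    "Jan  6 10:12:01 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; "
    "USER=root ; COMMAND=/usr/bin/php",
    "Jan  6 10:13:40 host1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; "
    "USER=root ; COMMAND=/sbin/service httpd restart",
    "Jan  6 10:15:02 host1 sudo:    carol : TTY=pts/2 ; PWD=/tmp ; "
    "USER=root ; COMMAND=/usr/bin/python3.11 /tmp/task.py",
    "Jan  6 10:16:00 host1 sshd[211]: Accepted password for bob "
    "from 192.0.2.10 port 50000 ssh2",
]


def flag_opaque_sudo(lines):
    """Return (user, runas, command, has_args) for each sudo entry whose
    logged command is an interpreter, so the log cannot show what ran."""
    hits = []
    for line in lines:
        m = SUDO_RE.search(line)
        if not m:
            continue  # not a sudo command record
        argv = m.group("cmd").split()
        prog = os.path.basename(argv[0])
        # Drop version suffixes such as python3.11 or php8 before matching.
        base = re.sub(r"[\d.]+$", "", prog)
        if base in INTERPRETERS:
            hits.append((m.group("user"), m.group("runas"),
                         m.group("cmd"), len(argv) > 1))
    return hits


if __name__ == "__main__":
    for user, runas, cmd, has_args in flag_opaque_sudo(SAMPLE_LOG):
        note = "arguments logged, contents not" if has_args else "no arguments logged"
        print(f"{user} ran '{cmd}' as {runas}: {note}")
```

Entries flagged here are candidates for tightening in sudoers, since the log line alone gives no account of what the interpreter executed.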

