user created at install added in sudoers ?

n0dalus n0dalus+redhat at gmail.com
Wed Jun 20 11:11:51 UTC 2007


On 6/20/07, Chris Brown <snecklifter at gmail.com> wrote:
> >
> > In what way would it benefit a majority of users?
>
> Please go back and read the thread for the arguments for doing this.

I've read them all. Most of the supposed benefits are not actually
benefits exclusive to sudo, and the actual benefits of sudo only apply
to a small minority.

> > I could be wrong,
> > but I suspect the majority of Fedora installations only have one
> > administrator, in which case, sudo actually ends up making things
> > _less_ secure (it provides another account by which root access can be
> > cracked). The majority of Fedora setups, including many ones with just
> > two or three administrators, would never have a need for revokable
> > root access (which is the only real advantage sudo gives).
>
> No, its not. It means newbies understand the concept of root better (and
> don't run everything as root) and, as I have already said, I consider it
> more secure as it allows me to temporarily escalate privs to run a program
> requiring root in the knowledge that I can forget about having to exit the
> root shell afterwards. Which is nice.

Stopping users running everything as root is a completely orthogonal
issue. That is done by disallowing root logins at gdm/kdm/xdm, not
using sudo.

Sudo doesn't stop you from having a root shell. It's as simple as
`sudo sh`, try it and see. Furthermore, you can already temporarily
escalate privileges with 'su -c' as has been discussed in this thread.

The benefits you have just listed are already part of Fedora by
default, and sudo is not needed to get them.

n0dalus.




More information about the fedora-devel-list mailing list