...
Authored by: Ezekiel on Dec 06, '02 10:25:32PM

What's the complaint? If people want root access without writing their password every time, they are allowed to. The difference between them doing it by activating the root account, being smart and just "sudo su" whenever lots of root access needed commands are being performed, or using this hint with their regular account/admin account is fleeting. Someone says "why not pee at your power supply while you're at it" while another argues "...you've basically turned the system into a windows 98 machine with virtually no local security policies at all, leaving worms/trojans/viruses free to do whatever they want to your system". Bogus. How can you claim that? The user still needs to log in, remember? What it does is give the accounts that can sudo without password effective root status. Which of course is a serious security setback if on a server or something, but obviously not any more of a risk than having an activated root account which the user logs in as.

Personally I won't ever use this hint, but not because of security (well that too, I'm running an ftp server), but rather because I find it utterly useless. Using one or a few commands that need root access having to type sudo first isn't a big deal, more like a 1/2-second deal... and whenever lots of work is needed with root access, there's the sudo su or sudo -s.



...
Authored by: Elektron on Dec 14, '02 06:20:24AM

Windows security idea: The user is the "admin".
Unix security idea: The program has root.

Because really, you don't do anything. You rely on a bunch of programs that do things, and hope that none of them is a trojan.

And then, say, one of those small apps you downloaded from VersionTracker (or whatever) realizes it doesn't need a password to sudo. So?

execl("/usr/bin/sudo","sudo","rm","-Rf","/");

(I'll assume everyone here is smart enough not to do that)

If you want root without typing lots of passes, su. Or you can sudo tcsh. But never give every other program you run the ability to do anything, too.

On another note, my Apps folder is 'chmod 1775'ed and the apps themselves are 'chmod -R 755'ed and 'chown -R root'ed. So I can add apps to the folder, but I can't edit the apps. Any new apps are chmod'd and chown'd. I'd copy them as root in the first place, if cp did resource forks and stuff correctly.

But then again, I'm paranoid =-)



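An added example, not part of any comment in this thread: a small Python reader that lists the sudoers rules letting an account run commands as root without a password, which is the setting the comments above argue about. It reads a simplified subset of the sudoers grammar (one host list per rule, aliases not expanded), and the sample policy and the account names in it are constructed.

```python
import re

# Constructed sample policy for this demo; not from the page or any real host.
SAMPLE = """\
# constructed sample
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) NOPASSWD: ALL
alice   ALL=(root) NOPASSWD: /usr/sbin/softwareupdate, \\
        PASSWD: /bin/rm
Defaults:bob !authenticate
"""

COMMENT = re.compile(r"#(?!include|\d)")   # '#include' and '#uid' are not comments
TAG = re.compile(r"([A-Z_]+):\s*")         # NOPASSWD:, PASSWD:, NOEXEC:, ...

def logical_lines(text):
    """Yield (first_line_no, text) with backslash continuations joined."""
    buf, first = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        first = first or n
        buf += raw.rstrip()
        if buf.endswith("\\"):
            buf = buf[:-1] + " "
            continue
        line, start = buf.strip(), first
        buf, first = "", None
        if line and not COMMENT.match(line):
            yield start, line

def passwordless_rules(text):
    """Return (line_no, who, commands) for every rule that skips the password."""
    found = []
    for n, line in logical_lines(text):
        if line.startswith("Defaults"):
            if "!authenticate" in line:
                found.append((n, line.split()[0], ["<every rule in scope>"]))
            continue
        lhs, _, rhs = line.partition("=")        # no '=' leaves rhs empty
        rhs = re.sub(r"\([^)]*\)", "", rhs)      # drop Runas specs such as (ALL)
        nopass, cmds = False, []                 # a tag stays in force until overridden
        for item in (part.strip() for part in rhs.split(",")):
            while (m := TAG.match(item)):
                nopass = {"NOPASSWD": True, "PASSWD": False}.get(m.group(1), nopass)
                item = item[m.end():]
            if nopass and item:
                cmds.append(item)
        if cmds:
            found.append((n, lhs.split()[0], cmds))
    return found
```

A rule reported with `ALL` as its command list is the case the thread describes: every program that account runs can become root unprompted.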
...
Authored by: chabig on Dec 14, '02 10:42:06AM

My Applications folder is read-only for all user accounts. Yet they can still run apps. So you might be able to chmod 744 your apps if you're really paranoid.

Chris



Thanks, I think
Authored by: shayster01 on Jan 17, '03 12:04:03PM

I don't know if I am going to do the right thing but I am going to use the sudo because I lost my admin password and screwed up my hostconfig file trying to make my cd mount correctly. So all I get is the UNIX interface. I am assuming if I use the sudo command it will give me access to delete or modify the hostconfig file and I should be ok. Unless someone has a better idea??


