Hello World

Albert van der Horst albert at spenarnc.xs4all.nl
Sat Jan 17 13:06:41 EST 2015


In article <h9gqob-c3e.ln1 at esprimo.zbmc.eu>,  <cl at isbd.net> wrote:
>Michael Torrie <torriem at gmail.com> wrote:
>> On 01/17/2015 07:51 AM, Albert van der Horst wrote:
>> > In article <mailman.17471.1420721626.18130.python-list at python.org>,
>> > Chris Angelico  <rosuav at gmail.com> wrote:
>> > <SNIP>
>> >>
>> >> But sure. If you want to cut out complication, dispense with user
>> >> accounts altogether and run everything as root. That's WAY simpler!
>> >
>> > I didn't expect this strawman argument from you.
>> > Of course you need a distinction between doing system things as
>> > root, and working as a normal user. You just don't need sudo.
>>
>> I just don't see the distinction.  What's the difference between having
>> to type in a root password and having to type in your own administrative
>> user password?  Guess we're all just struggling to understand your logic
>> here.
>>
>One big distinction is that you need to know two passwords to get root
>access if there's a real root account as opposed to using sudo.  This
>only applies of course if direct root login isn't allowed (via ssh or
>whatever).

The other is that if a dozen users have sudo possibility, one compromised
password compromises the whole system. The same administrators that like
sudo will force the users into a "safe" password of at least 8 characters,
a special sign, a number and a capital, instead of educating them to
use a strong password like the_horse_eats_yellow_stones. 1]
Chances are that one of the users has a password like
! (first special sign) 1 (first number) Q (first capital)
followed by a weak 5 letter word (or even a guessable one).

Compare that to
"Dear administrator, I've to do this. Can I have the root password."
"Sure, here it is." Looks over the user's shoulder. "Are you ready?"
Make sure he's logged out. Uses random generator for a new password.

If there is something, anything, change the root password and check
the disk for suid-root files.

There is no such thing as automatic security.
Security requires one thing: attention. And effort. So two things:
attention and effort. And simplicity. So three things: attention,
effort and simplicity.

sudo makes administrators careless, lazy and it is not simple at all.

>--
>Chris Green

Groetjes Albert

1] I don't claim this is *very* strong, just strong.
-- 
Albert van der Horst, UTRECHT,THE NETHERLANDS
Economic growth -- being exponential -- ultimately falters.
albert at spe&ar&c.xs4all.nl &=n http://home.hccnet.nl/a.w.m.van.der.horst
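The post recommends checking the disk for suid-root files after anything suspicious. As an added example that is not part of the original message, the POSIX shell functions below list setuid files owned by a given user under a directory tree, and compare the current list against a baseline saved from a known-good state. The default directory (`/`) and owner (`root`), and the idea of keeping a baseline file, are assumptions for the example.

```shell
#!/bin/sh
# Added example (not from the mailing-list post): audit setuid files.
# A setuid-root binary that was not there before is a classic sign that
# someone with a compromised password left themselves a way back in.

# list_suid [DIR] [OWNER]
# Print regular files below DIR owned by OWNER with the setuid bit set,
# sorted so the output can be saved and compared later.
# -xdev keeps the scan on one filesystem (skips /proc, NFS mounts, ...).
list_suid() {
    dir=${1:-/}
    owner=${2:-root}
    find "$dir" -xdev -type f -user "$owner" -perm -4000 2>/dev/null | sort
}

# count_suid [DIR] [OWNER]
# Number of setuid files found; a quick figure to note in an incident log.
count_suid() {
    list_suid "$1" "$2" | wc -l | tr -d ' '
}

# new_suid DIR OWNER BASELINE
# Print setuid files present now that are absent from BASELINE, a file
# produced earlier with list_suid on the same system while it was trusted.
# comm requires both inputs sorted; list_suid already sorts, and the
# baseline was written by list_suid, so the comparison is valid.
new_suid() {
    list_suid "$1" "$2" | comm -13 "$3" -
}

# Typical use (run as root so every directory is readable):
#   list_suid / root > /var/lib/suid-baseline.txt   # once, on a clean system
#   new_suid / root /var/lib/suid-baseline.txt      # after any incident
```

Anything `new_suid` prints deserves a look before the root password is rotated, since a leftover setuid shell makes the new password irrelevant.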