Hello World

Michael Ströder michael at stroeder.com
Sat Jan 17 13:47:38 EST 2015


albert at spenarnc.xs4all.nl (Albert van der Horst) wrote:
> In article <h9gqob-c3e.ln1 at esprimo.zbmc.eu>,  <cl at isbd.net> wrote:
>> Michael Torrie <torriem at gmail.com> wrote:
>>> On 01/17/2015 07:51 AM, Albert van der Horst wrote:
>>>> In article <mailman.17471.1420721626.18130.python-list at python.org>,
>>>> Chris Angelico  <rosuav at gmail.com> wrote:
>>>> <SNIP>
>>>>>
>>>>> But sure. If you want to cut out complication, dispense with user
>>>>> accounts altogether and run everything as root. That's WAY simpler!
>>>>
>>>> I didn't expect this strawman argument from you.
>>>> Of course you need a distinction between doing system things as
>>>> root, and working as a normal user. You just don't need sudo.
>>>
>>> I just don't see the distinction.  What's the difference between having
>>> to type in a root password and having to type in your own administrative
>>> user password?  Guess we're all just struggling to understand your logic
>>> here.
>>>
>> One big distinction is that you need to know two passwords to get root
>> access if there's a real root account as opposed to using sudo.  This
>> only applies of course if direct root login isn't allowed (via ssh or
>> whatever).
> 
> The other is that if a dozen users have sudo possibility, one compromised
> password compromises the whole system.

Hmm, but it's much worse if a dozen users have to know the root password. With
this they can circumvent sudo completely (e.g. going over IPMI console).

> Compare that to
> "Dear administrator, I've to do this. Can I have the root password."
> "Sure here it is" Looks over user's shoulder. "Are you ready?"
> Make sure he's logged out. Uses random generator for a new password.

This process does not work for dozens of admins maintaining thousands of
machines. Especially when something goes wrong in the night shift and has to
be fixed quickly.

> If there is something, anything, change the root password and check
> the disk for suid-root files.

Better require public key authc for SSH access and the user's own (one-time)
password for sudo. If your security requirements are really high, mandate going
through an SSH gateway / jumphost.

> Security requires one thing: attention. And effort. So two things:
> attention and effort. And simplicity. So three things: attention,
> effort and simplicity.

Yes.

> sudo makes administrators careless, lazy and it is not simple at all.

Admins must have separate accounts with separate credentials for
administrative work and must be careful when using an administrative account.

Ciao, Michael.
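
Added example, not part of the original message or of any project mentioned in it: a small Python audit of an sshd_config against the policy recommended in the reply above (public-key logins only, no direct root login). The policy table, the function names and the sample configuration are constructed for illustration; Include files and Match blocks are not evaluated.

```python
import re

# Assumed policy, derived from the reply above: SSH by public key only,
# and no direct root login (admins log in as themselves, then use sudo).
REQUIRED = {
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "no",
}

# Constructed sample: the second PasswordAuthentication line looks like a fix
# but is ignored, and PermitRootLogin only applies inside the Match block.
SAMPLE = """\
# constructed sshd_config for illustration
PasswordAuthentication yes
PubkeyAuthentication=yes
passwordauthentication no
Match Address 192.0.2.0/24
    PermitRootLogin no
"""

def effective_global_settings(config_text):
    """Return {keyword: value} for the global section of an sshd_config.

    sshd keeps the first value it obtains for a keyword, keywords are
    case-insensitive, and the first Match line ends the global section.
    """
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, value = re.match(r"(\w+)\s*=?\s*(.*)$", line).groups()
        if keyword.lower() == "match":
            break
        settings.setdefault(keyword.lower(), value.strip().lower())
    return settings

def audit(config_text):
    """List deviations from REQUIRED. An unset keyword is reported too,
    because its value then comes from the sshd build's default."""
    settings = effective_global_settings(config_text)
    findings = []
    for keyword, wanted in REQUIRED.items():
        actual = settings.get(keyword)
        if actual is None:
            findings.append(f"{keyword}: not set globally, want {wanted}")
        elif actual != wanted:
            findings.append(f"{keyword}: effective value {actual}, want {wanted}")
    return findings
```

On the sample, `audit(SAMPLE)` reports that password authentication is still effectively enabled and that root login is not restricted globally.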