On Wednesday 14 May 2003 04:17 pm, Stewart James wrote: > Hi all, Hello Stewart,
> My manager just came in asking questions about sudo. We use sudo here as a > replacement for hacing to know root passwords - in general there are > around 5 of us who need root access to the machines we maintain. we > typically have just fallen back to a ALL=ALL for ourselves so we can just > prepend sudo to any command we need executed as root. > > Now in his mind this is removing a level of security. If someone manages > to get my password, they also can gain access to root via sudo. IN an > environment where I have 25+ machines, different passwords for all > machines is not that workable. > > What are other peoples thoughts on this? Where have I gone wrong in > implementation? What would be your recommendations in this case? Well, as you probably guessed, this is a big can of worms. You are using sudo the same way I am, and I believe it's proper. Some people might consider this to be removing a 'layer' of security, sure - it essentially makes it so any admin's password is just as good as the root password, to an intruder. Think about a scenario in which this would actually make a difference. If someone has cracked any admin's password, on a normal /etc/shadow-based system, why couldn't they also crack root? Sure, perhaps one could be sniffed, but that would point to another problem involving a lack of encryption. One might argue that root should have a 'harder to crack' password, but I would reply that administrators should be equally protected. So, basically, if you would really trust the integrity of your current system after some intruder has stolen an administrator password, then yes, using sudo is probably a bad idea. Just go back to su, which has a seperate set of risks involving sharing the single root password. If you (or your manager) really want multi-layered theoretical security, you should be taking advantage of SE Linux or something similar. (Cue Russell Coker explaining how well it solves this problem ... :) ) Having a second password for root might be an 'additional layer of security,' but IMHO it's a pretty weak one. - Keegan