Am 07.08.2018 um 13:20 schrieb The Wanderer:
> On 2018-08-07 at 05:58, Martin Drescher wrote:
> 
>> Hi members,
>>
>> I'm a little... lets say thoughtful, about the use of 'su' discussed
>> at some points in this list. I have a strong opinion about su, which
>> is, avoid it whenever it is possible and use 'sudo' instead. This is
>> the case in close to a 100% in all cases I can think of. This opinion
>> is based on how both programs work and deal with pam and
>> environmental variables. Not to forget: You will not need to share
>> (or in my case, not even set, but lock that account) a root
>> password.
>>
>> And I'm curious why Debian still prefers the use of su over sudo?
> 
> I'm not sure where you get the idea that Debian does prefer that.

It is not part of the base install. Besides the statement from Jonathan Dowland 
earlier.

> For my own machines to date (on most if not all of which I'm the primary
> if not sole user, or at least non-remote user), I don't even permit sudo
> to be installed. (Or at least I didn't, until I decided I wanted
> ubuntu-dev-tools - which depends on it - on one such machine. I may even
> revert that decision on further consideration.)

As a system operator, you need some elevated privileges on a daily basis. How 
do you do that without sudo?

> My rationale for doing that is (in crude form) that to permit any
> root-level things to be done with an ordinary user's password - even
> mediated by a task-limiting mechanism such as I understand /etc/sudoers
> to be - is a security hole; not only is an ordinary user's password more
> likely to leak (whether by social engineering or by malicious code
> running as the user or by anything in between), if you're not trusted to
> have the root password in addition to your own, you shouldn't be doing
> any root-needing things in the first place.

The point is not, that ONE person needs a root password. All people intended to 
do privileged things will have to share this password. This is a security 
nightmare!

> Over the years, I've moderated that position somewhat, enough to concede
> that there may be value in being able to hand out the ability to do some
> elevated-access things without handing out the ability to do all of
> them. That would just mean I'd want to set up various other (non-root,
> non-ordinary) users, with their own passwords and the necessary access
> to do those specific things, and hand out those passwords instead. (And

So you are spreading even more passwords around the world... No.

> still probably have people use something like 'su -c' instead of sudo,
> unless sudo permits requiring the password of a user other than the one
> invoking the command.)

Ok, you have not read the sudo man page, neither understood the concept. And 
why you do _not_ want to use 'targetpw'. No offence, but you really need to 
thin about your thesis on privilege management.


Martin 

Reply via email to