Am 07.08.2018 um 13:20 schrieb The Wanderer: > On 2018-08-07 at 05:58, Martin Drescher wrote: > >> Hi members, >> >> I'm a little... lets say thoughtful, about the use of 'su' discussed >> at some points in this list. I have a strong opinion about su, which >> is, avoid it whenever it is possible and use 'sudo' instead. This is >> the case in close to a 100% in all cases I can think of. This opinion >> is based on how both programs work and deal with pam and >> environmental variables. Not to forget: You will not need to share >> (or in my case, not even set, but lock that account) a root >> password. >> >> And I'm curious why Debian still prefers the use of su over sudo? > > I'm not sure where you get the idea that Debian does prefer that.
It is not part of the base install. Besides the statement from Jonathan Dowland earlier. > For my own machines to date (on most if not all of which I'm the primary > if not sole user, or at least non-remote user), I don't even permit sudo > to be installed. (Or at least I didn't, until I decided I wanted > ubuntu-dev-tools - which depends on it - on one such machine. I may even > revert that decision on further consideration.) As a system operator, you need some elevated privileges on a daily basis. How do you do that without sudo? > My rationale for doing that is (in crude form) that to permit any > root-level things to be done with an ordinary user's password - even > mediated by a task-limiting mechanism such as I understand /etc/sudoers > to be - is a security hole; not only is an ordinary user's password more > likely to leak (whether by social engineering or by malicious code > running as the user or by anything in between), if you're not trusted to > have the root password in addition to your own, you shouldn't be doing > any root-needing things in the first place. The point is not, that ONE person needs a root password. All people intended to do privileged things will have to share this password. This is a security nightmare! > Over the years, I've moderated that position somewhat, enough to concede > that there may be value in being able to hand out the ability to do some > elevated-access things without handing out the ability to do all of > them. That would just mean I'd want to set up various other (non-root, > non-ordinary) users, with their own passwords and the necessary access > to do those specific things, and hand out those passwords instead. (And So you are spreading even more passwords around the world... No. > still probably have people use something like 'su -c' instead of sudo, > unless sudo permits requiring the password of a user other than the one > invoking the command.) Ok, you have not read the sudo man page, neither understood the concept. And why you do _not_ want to use 'targetpw'. No offence, but you really need to thin about your thesis on privilege management. Martin
