Has anybody had a good look at the new OpenBSD 'doas' replacement for sudo?
I hope doas will be as easy to set up as they claim, sudo can be a bit
of a pain to setup exactly how you want it.
DaveT
On 19/01/16 21:58, Stephanie Daugherty wrote:
On Tue, Jan 19, 2016 at 4:12 PM, Arnt Karlsen <a...@iaksess.no
<mailto:a...@iaksess.no>> wrote:
..why did Debian kill ssh into localhost?
Is su or sudo safer than ssh nowadays?
Because the architecture of Linux gurantees that root has a fixed
account name, fixed UID, and, if in a server environment, will be
essentially a shared account, it's considered a long standing best
practice to not let people log in directly as root, at least not
remotely. This makes sure there's an audit trail of logging in with
the unprivileged user and then elevating to root, rather than just the
root login that doesn't indicate which of possibly several users was
responsible. It also means a brute force against the root account is
more difficult to automate, since you need to attack an umprivledged
account first, and it offers a little bit of protection against a weak
root password.
sudo is generally the accepted way in the ubuntu world as well as in
most server environments these days, since the audit trail will record
exactly what commands were elevated and by who, and since only a
single command is run with elevated permissions, therefore dropping
back to an unprivledged command prompt after each elevated command.
su was the best practice long before sudo or even Linux ever existed,
and is still perfectly acceptable for hobbyists, desktops, and others
where there's exactly one *competent* admin for each machine. and may
even be a viable option in other, more controlled environments that
don't want to use sudo. Historically, on other *nixes, it was gated
with the "wheel" group, (and this can be done on Linux as well if the
admin wants to configure it this way).
Obviously, this has the additional advantage that, through some
tinkering with PAM, you can implement additional authentication
requirements just on root access - for example, you might let your
admins log in and look around with just their SSH key, but require
them to have an additional password or multifactor authentication
token to access root privileges.
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng