On Jul 10, 2007, at 1:15 AM, John Sonnenschein wrote:

> Well, for one, sudo makes every user's password as valuable to an
> attacker as root's. There's also the problem that a slightly
> misconfigured sudo can give full root access to a potentially
> malicious user. For example, allowing access to something which can
> in some cases spawn a shell essentially makes that user root.
>
> RBAC on the other hand allows you to grant far more well-verified,
> and infinitely finer grained (for example, ACLs granting write
> permissions to individual files) privileges to a user.

I.e. sudo & RBAC hit different points on the
security/convenience/complexity curve.  My experiences in the bad, bad
old days with VAX/VMS make me deeply suspicious of "fine-grained"
security, but I'm willing to believe things have improved.  However, I
am far far from convinced that the world doesn't have a place for sudo,
sensibly applied, and I *really* want to minimize the number of cases
where we have to have dialogues of the form

LinuxHack: Aagh. XXX is missing, and I use it all the time.
SolarisGuru: You shouldn't want XXX, because Solaris has YYY which is better.

You know, if YYY is really better, your typical *n*x hack will figure  
this out pretty quick and stop using XXX.

> To be honest, I think doing away with the root account altogether  
> and replacing it with a half dozen administrative accounts would be  
> ideal. Once the initial shock of the new way of doing things was  
> over, it would be an ideal and wonderful change for both home users  
> and enterprise users over the 30 year old paradigm of (user |  
> superuser)

Um, can we decouple the blow-up-*n*x-security-and-rebuild-from-zero  
project from the make-Solaris-more-appealing-to-the-world project?  -Tim


_______________________________________________
indiana-discuss mailing list
indiana-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/indiana-discuss