Quote: Original post by Sneftel

Quote: Original post by Dmytry
Sneftel: sudo sh then screw with system to make proper root account if you wish.

I don't think you understand what it means to correctly configure sudo in a large multiuser environment.

ahh, classical theoretic argument, starting with "correctly".
Did you correctly configure sudo in a large multiuser environment? Where did you last see large multiuser environment with correctly configured sudo?

Quote: Original post by Dmytry
Did you correctly configure sudo in a large multiuser environment? Where did you last see large multiuser environment with correctly configured sudo?

It's true that it can be difficult to do an ironclad sudo configuration. But if by "correct" you mean "doesn't allow someone to do sudo sh", every single one of them. Not allowing shell access is pretty much what sudo is for. If not for that, sudo would be a two-line shell script.

Quote: Original post by Sneftel

Quote: Original post by Dmytry
Did you correctly configure sudo in a large multiuser environment? Where did you last see large multiuser environment with correctly configured sudo?

It's true that it can be difficult to do an ironclad sudo configuration. But if by "correct" you mean "doesn't allow someone to do sudo sh", every single one of them.

"Someone", yeah. Someone being some non-admin who's permitted to start and stop ssh daemon and reboot the machine, or do something similarly limited.
Real admins have to run rather arbitrary commands which you cannot predict in advance.

Quote: Not allowing shell access is pretty much what sudo is for. If not for that, sudo would be a two-line shell script.

sudo supports many uses... if sudo was made for correctly configured systems, it would not have this 'not asking for password in next 15 minutes' feature (which is IMO really stupid).

edit: BTW, I agree that this is what sudo should be used for. On my system (mandriva) i only use sudo so that mail and chat clients can run a script to flash a LED on my display without asking for root password (stupid but true, I can control power led on my display from command line through DDC, and when i was bored i made a script to flash it).

I'm not quite sure what you're getting at. Sudo doesn't prevent every form of intrusion? Good point.

Quote: Original post by Sneftel
I'm not quite sure what you're getting at. Sudo doesn't prevent every form of intrusion? Good point.

what i'm getting at is that use of sudo as substitute for su is stupid and gives no improvement. (sudo has its use yes, but not for real administrative work (which on systems with 'correctly configured' sudo has to include editing of /etc/sudoers file by the way, naturally permitting an override.))

Quote: Original post by Dmytry

Quote: Original post by Sneftel
I'm not quite sure what you're getting at. Sudo doesn't prevent every form of intrusion? Good point.

what i'm getting at is that use of sudo as substitute for su is stupid and gives no improvement. (sudo has its use yes, but this is not for using sudo to do real administrative work (which on systems with sudo has to include editing of /etc/sudoers file by the way))

Okay, point taken: A program which is configured to be able to do all the same things that su can do will not improve security over the use of su.

Quote: Original post by Sneftel

Quote: Original post by Dmytry

Quote: Original post by Sneftel
I'm not quite sure what you're getting at. Sudo doesn't prevent every form of intrusion? Good point.

what i'm getting at is that use of sudo as substitute for su is stupid and gives no improvement. (sudo has its use yes, but this is not for using sudo to do real administrative work (which on systems with sudo has to include editing of /etc/sudoers file by the way))

Okay, point taken: A program which is configured to be able to do all the same things that su can do will not improve security over the use of su.

The point is that administrator on your 'correctly configured multi-user environment' needs to be able to (for instance) edit sudoers file, and that is not matter of misconfiguration, that is matter of function.
The sudo is IMO useful for letting select people to start/stop server or reboot machine or do similar things but not let them do actual administrative tasks on the system.

Quote: Original post by Dmytry
The point is that administrator on your 'correctly configured multi-user environment' needs to be able to (for instance) edit sudoers file, and that is not matter of misconfiguration, that is matter of function.
The sudo is IMO useful for letting select people to start/stop server or reboot machine or do similar things but not let them do actual administrative tasks on the system.

I don't see any reason sudo needs write permissions to the sudoers file?

I guess what I'm trying to say is...there is no reason you can't have two tiers of admins. One limited, one not.