On 2005-11-15 21:15, Mike Marion wrote:
> On Tue, Nov 15, 2005 at 04:08:52AM -0500, Ken Siersma wrote:
>> AFAIK, it has been standard practice for quite some time to not install sudo if you are concerned about security. I don't have it on my home system which has a direct connection to the internet, with good reason, or my firewall at work, which I installed a good 3 years ago.
>
> Actually, the opposite is true. Sudo allows you to delegate specific commands to specific people if required. Otherwise, if they ever have to do anything that requires root permissions, they have to su to root.. now _that_ is a security hole! In fact, a really secure system is one that the admin _never_ su's to root on to run commands, but does everything via sudo. That way everything you (or anyone else using sudo) does can be controlled, and it's all logged.
>
> If you don't like the timed caching of the password, change the settings on your machines to make it more secure. It's in the man pages.

Yeah, I was thinking the same. If you need a password every time, people just do sudo su, and leave that shell open forever, and maybe forget about it.

Why don't they add support for sudo in kdesu?????

Now when a user opens YaST2, kdesu asks for root's password, not very good. Better it looks for rules in sudoers, to figure out what YaST will let the user config using the login password.

For example, if sudo allows me to run /sbin/yast2 sw_single, then YaST could allow me to click on install/remove software, but not allow me to change installation_sources.

I use my password in kdesu, but that is a hack with a /bin/su wrapper using sudo to gain root access. This part is still in HomePC status :-(

YaST is all or nothing, and that is either too much or not enough for the user. Since I like YaST, it's a shame if we need to make another system that can use sudo.

/birre
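
The settings discussed in this thread, written out as a sudoers fragment. This is an added example, not part of any of the messages above; the account name "alice" and the log file path are assumptions.

```sudoers
# Added example. Edit with visudo so syntax errors are caught before saving.
# "alice" is a hypothetical account name.

# Disable the timed caching of the password: with a timeout of 0, sudo asks
# for the user's own password on every invocation.
Defaults timestamp_timeout=0

# Keep a dedicated log of each command run through sudo, in addition to
# syslog (the path is an assumption).
Defaults logfile="/var/log/sudo.log"

# Delegate one specific command. Because the argument is listed, only this
# exact command line matches; "/sbin/yast2" alone or with another module
# name is refused.
Cmnd_Alias SW_SINGLE = /sbin/yast2 sw_single

# alice authenticates with her own password, not root's, and can run nothing
# else as root.
alice ALL = (root) SW_SINGLE

# Contrast: a blanket rule such as the one below also permits "sudo su",
# which yields a root shell that stays open and whose individual commands
# sudo does not log. It is shown commented out.
# alice ALL = (ALL) ALL

# Limitation: sudo checks the command line only. What the program does once
# it is running as root is up to the program itself.
```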