02-07-2007
sudo does not enhance security. Remove sudo and you will have a more secure system. But if you want to give a non-root user the power to run a few commands as root, sudo is a way to do that. sudo is open source and it has been around for quite a while. Lots of very smart people have inspected it for problems. There don't seem to be any surprises lurking in it. sudo is configurable and it can easily be misconfigured. So I trust sudo but I trust a system with sudo in use only after I inspect the configuration. One better approach is to not need sudo or anything like it. Need a command run as root? Contact an SA. Need to run a command as oracle? Contact a DBA.
An alternative is RBAC (role based access control). The NSA (National Security Agency) assembled a team to develop an RBAC system for Linux and actually posted the source code on the net. I believe that the required kernel changes have been roled into the latest linux kernel. Some distros support RBAC. I don't know a lot about RBAC. Not too many people do... it's rather new. It could certainly be misconfigured as well.
BTW, I fixed that typo.
6 More Discussions You Might Find Interesting
1. Solaris
Hi guys,
Why is the look and feel of CDE still the same? It hasn't changed at all.
-cadmiumgreen (1 Reply)
Discussion started by: cadmiumgreen
1 Replies
2. What is on Your Mind?
OK, be honest ...... :D (21 Replies)
Discussion started by: Neo
21 Replies
3. What is on Your Mind?
Helping some makes me feel like a fireworks salesman. They have so much power and so little education.
"Light fuse on end and drop cracker and run away fast."
"How fast?"
"Real fast the first time, and then you will know how fast. Oh, do not drop cracker into the bag of... (1 Reply)
Discussion started by: DGPickett
1 Replies
4. Solaris
Every once in a while, I take a peek at OpenIndiana, Nexenta and Illumos hoping to see the spirit of OpenSolaris rise and fly.
But I'm not real impressed with the level of activity.
What do you think? Is there still forward progress?
Is there a large reservoir of loyal Solaris users that... (1 Reply)
Discussion started by: KenJackson
1 Replies
5. Shell Programming and Scripting
I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this:
#!/bin/bash
rsync /path/on/local/machine/ foo.com:path/on/remote/machine/
ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Discussion started by: fluoborate
9 Replies
6. What is on Your Mind?
I am trying to study this solaris OS. But each time I study, I feel like I didn't learn anything. Any suggestions?
Thanks (4 Replies)
Discussion started by: cjashu
4 Replies