At 994418143s since epoch (07/06/01 10:15:43 -0400 UTC), Ethan Benson wrote: > On Fri, Jul 06, 2001 at 09:18:18AM -0400, Jason Healy wrote: > > types of > > passwords accepted to run root commands, etc). > > elaborate. > > the main reason i don't use sudo except for small things which cannot > grant a root shell in any way is for the simple reason the sudo > converts a normal unprivleged user password into another root > password.
I'm not a sudo expert, but I do use it and like it. I'll try to answer the questions asked here, but you really should READ THE DOCS before you believe everything I say. To your point (types of passwords), you can configure sudo (I think using PAM) to only work with user passwords, or one-time passwords (OTP), or whatever else PAM will take. This allows you to force sudo users to use passwords other than their standard account passwords. I'm a fan of OTP because when used correctly they're very secure, even over insecure connections (telnet). Other people asked why sudo is better than su. The main reason is audit trail; sudo keeps logs of commands. Additionally, you can grant limited command access to people. Admittedly, most commands can be leveraged to gain full root privs (shells, editors, cat, chmod, and so on), so you need to TRUST people you're giving sudo to. However, sudo is never any more dangerous than plain old su, if you think about it. Also, you don't want root logins to be a normal thing. You want to KNOW if root is logged in on your box. Script kiddies trying to get in will try to get in as root first. If you often log in as root, it's less likely that you'll notice if someone else logs in as root. Also, if you never use root as your login, you can restrict it severely (only allow root logins on the console, for example). Kiddies who break into user accounts pose less of a threat. Sure, one of those user accounts might be sudo-enabled, but to find out for sure, they have to run a command under sudo. If they aren't in the sudoers file, then sudo will log the incident and e-mail it to root. The odds of a script kiddie randomly hacking a sudo-enabled account on a box with hundreds of accounts is very low. Especially because anybody you give sudo to should be extra careful about security. Whew... that was a rant. Anyway, here are my tips for using sudo well. Feel free to add your own: 1) Trust the people you give sudo to (assume they can get root with whatever access you give them) 2) Make sure those people are extra anal about security (secure logins, good passwords, etc) 3) Check your logs religiously 4) Disable root from logging in, except from the console 5) Never log in as root. Use 'sudo -s' to get a shell if you must 6) Clamp down sudo as much as you are comfortable with, but don't drive people nuts. For example, think about using OTP, but don't do it if people are going to hate it so much that they'll undermine the system. Jason -- Jason Healy | [EMAIL PROTECTED] LogN Systems | http://www.logn.net/
