On Mon, Apr 10, 2017 at 11:28 PM, marc <marc...@welz.org.za> wrote:
> > You still should use sudo, with a password - the user's own password.
> > Using root password many times, every day, is bad for security (the more
> > times you type it the higher the chances are it will be captured) and it
> > instills the desire of an easy to remember and fast to type password.
> >
As an aside here, avoid using sudo to allow untrusted or minimally trusted users to mount filesystems. There is a "user" option as well as an "owner" option in /etc/fstab, and default installations of /bin/mount are setuid root, allowing them to mount filesystems configured to be user-accessible according to administrator-determined settings without su or sudo. While this probably isn't completely secure, the attack surface is much smaller and it's much more secure than most mere mortals will be able to achieve with sudo, as correctly configuring sudo to limit the range of possible inputs is difficult to understand and prone to human error, where mount is instead rigidly limited to the approved mountpoints, devices, filesystem types, and options by design. Making a filesystem user mountable via fstab even implies noexec, nosuid, and nodev! There are still the potential security issues of a buggy /bin/mount executable and a buggy filesystem, but this approach at least eliminates a wide range of creative ways through which /bin/mount or the shell could be tricked into running a second executable with root permissions via sudo.
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
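An added example, not part of the original message: a small audit of /etc/fstab-style text that lists each user-mountable entry and which of noexec, nosuid and nodev are not in force. It goes beyond the message by also covering "users" and "group" and by assuming mount(8)'s documented rule that an exec, suid or dev placed later in the option list overrides the implied restriction; the sample fstab and function names are constructed for illustration.

```python
# Added example: audit fstab entries that non-root users may mount.
# Implied restrictions follow mount(8); a later exec/suid/dev overrides them.
IMPLIED = {
    "user": {"noexec", "nosuid", "nodev"},
    "users": {"noexec", "nosuid", "nodev"},
    "owner": {"nosuid", "nodev"},
    "group": {"nosuid", "nodev"},
}
RESTRICTIONS = {"noexec", "nosuid", "nodev"}

# Constructed sample input, not taken from the original post.
SAMPLE_FSTAB = """\
# device        mountpoint   type     options                     dump pass
UUID=0000-ROOT  /            ext4     defaults,errors=remount-ro  0 1
/dev/sr0        /media/cdrom iso9660  ro,user,noauto              0 0
/dev/sdb1       /media/usb   vfat     user,noauto,exec            0 0
/dev/sdc1       /media/key   ext4     owner,noauto                0 0
/dev/sdd1       /media/old   ext4     noauto,suid,users           0 0
"""

def effective_restrictions(options):
    """Process the option list left to right; the last word on each flag wins."""
    active = set()
    for opt in options.split(","):
        if opt in IMPLIED:
            active |= IMPLIED[opt]
        elif opt in RESTRICTIONS:
            active.add(opt)
        elif "no" + opt in RESTRICTIONS:  # exec, suid or dev
            active.discard("no" + opt)
    return active

def audit_fstab(text):
    """Map each user-mountable mountpoint to the restrictions NOT in force."""
    report = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        options = fields[3]
        if not IMPLIED.keys() & set(options.split(",")):
            continue  # root-only entry: outside the scope of this check
        report[fields[1]] = sorted(RESTRICTIONS - effective_restrictions(options))
    return report

if __name__ == "__main__":
    for mountpoint, missing in audit_fstab(SAMPLE_FSTAB).items():
        print(mountpoint, "OK" if not missing else "lacks " + ",".join(missing))
```

An empty list means all three restrictions apply; "owner" entries report noexec as missing because that option only implies nosuid and nodev.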