Clifton Royston wrote:
On Tue, Jan 20, 2009 at 03:09:16PM -0500, Akenner wrote:
Hi,
I'm using FreeBSD 7.1-RELEASE and I have multiple user accounts set up.
I made about 4 for myself to use and do various testing with, and made
some for my Wife as well because She knows UNIX better than I do anyway heh.
Anyway, one of the things I forgot about, was that FreeBSD by default
doesn't allow just anyone to use su.
Good advice given so far (pw is a good tool, direct editing works) but
I'd also suggest you consider installing and using sudo; I always
install it on all of my systems and use it probably 10-20 times as
often as su.
-- Clifton
and I recommend against sudo because it's very design is a
man-in-the-middle type of scenario, and one typo by the sudo devs can
possibly make a mess out of things.
I think sudo makes a lazy admin -- too easy to just run in and hit
something.
I think sudo is a false sense of security. If a user trusts another,
and give sudo access, why not give the whole OS to them?
Sudo's out there -- don't get me wrong, but you won't catch me dead with
a box with sudo installed. I think it's a very misleading tool. And
not to say they do -- but what if the devs put in a keygen...do you
monitor the sudo source code?
And if I remember correctly -- the way sudo gets it's work done is a
SUID bit to root. Those are the devil's eggs that hatch and just cause
havoc. A rogue CGI calling sudo to do something on the website, buffer
overflow (with php!) and you've gotten rooted.
No, no -- I hate sudo for it's own doing. It's going to eat itself alive.
</rant> No flames please.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
