In article <h9gqob-c3e....@esprimo.zbmc.eu>, <c...@isbd.net> wrote: >Michael Torrie <torr...@gmail.com> wrote: >> On 01/17/2015 07:51 AM, Albert van der Horst wrote: >> > In article <mailman.17471.1420721626.18130.python-l...@python.org>, >> > Chris Angelico <ros...@gmail.com> wrote: >> > <SNIP> >> >> >> >> But sure. If you want to cut out complication, dispense with user >> >> accounts altogether and run everything as root. That's WAY simpler! >> > >> > I didn't except this strawman argument from you. >> > Of course you need a distinction between doing system things as >> > root, and working as a normal user. You just don't need sudo. >> >> I just don't see the distinction. What's the difference between having >> to type in a root password and having to type in your own administrative >> user password? Guess we're all just struggling to understand your logic >> here. >> >One big distinction is that you need to know two passwords to get root >access if there's a real root account as opposed to using sudo. This >only applies of course if direct root login isn't allowed (via ssh or >whatever).
The other is that if a dozen users have sudo possibility, one compromised password compromises the whole system. The same administrators that like sudo will force the users into a "safe" password of at least 8 characters a special sign a number and a capital, instead of educating them to use a strong password like the_horse_eats_yellow_stones. 1] Chances are that one of the users has a password like ! (first special sign) 1 (first number) Q (first capital) followed by a weak 5 letter word (or even a guessable one). Compare that to "Dear administrator, I've to do this. Can I have the root password." "Sure here it is" Looks over users shoulder. "Are you ready?" Make sure he's logged out. Uses random generator for a new password. If there is something, anything, change the root password and check the disk for suid-root files. There is no such thing as automatic security. Security requires one thing: attention. And effort. So two things: attention and effort. And simplicity. So three things: attention, effort and simplicity. sudo makes administrators careless, lazy and it is not simple at all. >-- >Chris Green Groetjes Albert 1] I don't claim this is *very* strong, just strong. -- Albert van der Horst, UTRECHT,THE NETHERLANDS Economic growth -- being exponential -- ultimately falters. albert@spe&ar&c.xs4all.nl &=n http://home.hccnet.nl/a.w.m.van.der.horst -- https://mail.python.org/mailman/listinfo/python-list
