Language Selection

English French German Italian Portuguese Spanish

Simplify the Use of Sudo

Filed under
Software
HowTos

Being in the security business, I am constantly surprised by how many companies continue to rely on security practices that they know to be poor. Organizations, large and small, make excessive use of the root user account to perform routine maintenance on their UNIX and Linux computers. Even though companies often chose UNIX or Linux for better security, they employ practices that seriously undermine this advantage.

There are many reasons to not rely on the use of the root account:

* Because you can do anything, it's easy to make mistakes with dire consequences
* When something goes wrong, it's impossible to figure out who was responsible
* If someone leaves the company or the IT group, you have to change the root password and let everyone know the new one
* The opportunity for mischief is high
* You'll never pass a security audit

Companies use the root account because the alternative requires a lot of work. All too often, easy beats smart.

rest here




More in Tux Machines

3 Linux questions from the community

In the last The Queue, I flipped the script and asked you questions as opposed to answering them. It was so well received, I'm going to keep it going with three more questions this month. I'll resume answering next month, so don't forget you can fill the queue with your questions about Linux, building and maintaining communities, contributing to an open source project, and anything else you'd like to know. While the previous two questions were a bit philosophical, this month we'll keep it fun. Read more

Flatpak 0.9.3 Linux App Sandboxing Framework Released with Many Builder Changes

Alex Larsson from the Flatpak team announces the release and immediate availability of the third maintenance update to the Flatpak 0.9 series of the open-source Linux application sandboxing and distribution framework. Read more

New CloudLinux 7 Beta Linux Kernel Available for Testing, Two Crashes Addressed

CloudLinux's Mykola Naugolnyi announced today, April 26, 2017, the availability of a new Beta kernel for users of the CloudLinux 7 operating system series, addressing various vulnerabilities discovered lately. Read more

5 more open source companies to watch in 2017

An exciting class of startups with a focus on enterprise IT are those built on open source foundations, in some cases commercializing and adding value to an already popular open source project. We recently highlighted 5 such open source-oriented companies, and below we introduce you to 5 more. Note that this list only contains companies that have announced funding over the past year or so, and isn't intended to be an all-inclusive compilation. Without further ado… Read more