Setting the record straight on sudo

I recently read a blog posting that denounced the use of sudo as insecure because of the following (briefly summed up and paraphrased) reasons:

1. The idea that not using the root account is wrong; using root for everything is fine.
2. That using sudo for everything provides a false sense of security over performing an action as root directly.
3. That using a user account password to get a root shell is a bad idea.
4. That using a root shell is not dangerous, and that this “grave misunderstanding” came from the idea that running X as root is dangerous
5. That sudo has very little place in the Enterprise
6. That relying on sudo is foolish, because it has bugs
7. That everything should be done from a root shell, and that you should have to know the “uber-secret root password” to get that access

My first reaction to this blog posting was that the author had no idea how to use sudo properly or why you would want to. My second reaction was to give a big thank you to Ubuntu and OS X that, by default, provide a password-less root account and give administrators sudo access to everything, which pretty much leads to these kinds of silly anti-sudo articles.
