Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[tlug] Root Access, Sudo, Etc.



Curt Sampson writes:

 > Well, I've had the discussion about sudo and so on with enough people
 > over the last couple of years that this morning I finally sat down
 > and spent two or three hours writing up a couple of thousand words of
 > detailed explanation of what I do and why I do it.

I think you should mention that your discussion is oriented to
sophisticated, responsible, etc users.  Not that what you actually
discuss would change, but there are certain additional measures that
you'd want to take in situations where you're talking about students,
secretaries, etc who probably should not be allowed to choose
passwords without help and so on.

Also, I gather that you are using sudo simply to give root access (in
general) to appropriate people based on authenticating as themselves,
rather than as root.  sudo can also be used (as can SSH) to restrict
the operations that can be done as the alternate user, and you
probably should mention that this opens up a bunch of other issues.
This again is more common when you are trying to give limited power to
people you don't quite trust with the full set of keys to the kingdom.

I don't see any need to go beyond mentioning that your application is
fully-empowered admins (assuming I"ve understood that correctly), and
that you're not talking about trying to restrict power to a subset of
root.

Otherwise, the post seems very complete and self-contained, with no
spelling errors I noticed. :-)



Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links