[Wylug-discuss] Sudo
Anne Wilson
cannewilson at googlemail.com
Fri Apr 11 15:38:02 BST 2008
On Friday 11 April 2008 15:21:01 Smylers wrote:
> > user ALL=(ALL) NOPASSWD:ALL
> >
> > Can this really be safe?
>
> Not in the usual sense of the word, no. (But don't blame sudo for
> that!)
>
> But in the context of a home PC it may not be terrible. Many PCs --
> whatever OS they are running -- have only one user, or everybody logs in
> as the same user, or everybody has full admin privs anyway (or knows the
> root password, or whatever).
>
While probably true on a desktop box, I can't feel happy with that on a
laptop, which, to all intents and purposes the EeePC is. As long as I have
to give a separate, different password for root access it does mean that any
intruder has to fight twice as hard and long to do the hidden harm.
> The "NOPASSWD:" bit also means that any software you download can easily
> run anything as root; without that any human can still choose to run any
> command as root, but at least the prompt for his password would make him
> aware of it.
So should I change that to "PASSWD"? Or does it require something different?
Anne
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://list.wylug.org.uk/pipermail/wylug-discuss/attachments/20080411/2fa0c122/attachment.bin
More information about the Wylug-discuss
mailing list