root vs user. installing firefox

Ken Moffat ken at linuxfromscratch.org
Sat Dec 20 17:41:35 PST 2008


On Sun, Dec 21, 2008 at 01:23:20PM +1300, Simon Geard wrote:
> 
> Besides, I don't really like configuring sudo to not need a password,
> even if I narrow it down to very specific commands. From experience,
> it's too hard to configure safely - I can obtain root shells on most of
> the servers at work by exploiting subtle sudo weaknesses, and I don't
> want to reproduce that on my own machine. I mostly use it as a more
> convenient syntax of 'su -c', requiring the root password rather than a
> user password to do anything.
> 
 I'm still having trouble understanding why people think sudo is
safer, even where it is configured to require a password (I accept
that restricting it to specific commands is safer, but probably
inconvenient in BLFS).  In OSX I have to type my user password the
first time I sudo, but then ISTR I can continue to sudo for a period
of time without repeating the password.

 But then, people have been known to use empty passphrases with
subversion - I can see the convenience (e.g. in svn blame), but it
doesn't mean it's a good idea.

ĸen
-- 
das eine Mal als Tragödie, das andere Mal als Farce



More information about the blfs-support mailing list