Objections to sudo

Mack, Jeff (XC Rochester) Jeffery.Mack at connect.xerox.com
Thu Feb 7 18:42:34 EST 2002


If I might me able to add my $0.02...  

I agree to both sides of this argument, seeing as I have been on each side
of the fence at one time or another.  The solution is use sudo and other
solutions in moderation where needed, but do not sacrifice security or
access in the process.  There are other solutions to accomplish your goals!
Unfortunately, sometimes it causes everyone to use a little creativity (and
a lot of work) in the process.

IMHO, if you have a production environment, there shouldn't be any lengthy
procedure that requires the use of sudo.  There should be another way to
accomplish the end result.  

If extreme "test" or "development" changes are being performing in a
production environment...it is a sure recipe for disaster.  :-)  A proper
"test" environment should be set up on another machine, the changes are
tested, a procedure drawn up, and then handed over to the proper group to
implement the changes - period.

Some essential commands could be wrapped with sudo, or a rksh'ed userid with
some kind or program or menu.  There are other ways to read system files,
make changes to critical system files, add users, etc.

I know not everyone has Solaris, and if you do it probably isn't Solaris
8...but, one example for Solaris 8 could be to set up role-based access...or
even setting proper ACLs on certain files.  I have not administered a HPUX,
AIX, or an OSF1/Digital UNIX/Tru64/whatever-they-call-it-today machine in a
while.  I'm sure these features exist for these and other Operating Systems
as well.

-jam

-----Original Message-----
From: Matthew Hannigan [mailto:mlh at zip.com.au]
Sent: Thursday, 07 February, 2002 16:54
To: Patricia.Naparsteck at kemperinsurance.com
Cc: sudo-users at sudo.ws
Subject: Re: Objections to sudo


Patricia.Naparsteck at kemperinsurance.com wrote:

> Some systems engineers have objected that sudo "may not be flexible enough
> " because each command would need to be wrapped.
> How would you respond to this objection?  What's a not so painful way of
> creating the sudoers file?
> Thanks.
> Pat


I think that that has some truth to it.  To make
a command truly secure, it is often not enough
to just put it in the sudoers file.  You have to make
a wrapper.  And for a system engineer or sysadmin to
their job, you would have to wrap or add just about
every command on the machine.

Still sudo can be useful.  If you just used sudo instead
of su it would provide a log and it would mean you
don't have to share the root password.  This can
mean that removing some as an admin can be done
very quickly and painlessly by removing them from
the sudoers.  (Compared to changing the root password
and informing everyone but them of the new one.)

Not entirely secure of course, but combine it with
secure logging (so you have a record of who was root and
when) and a file integrity program (so that things like sudo
itself are not compromised) and you have a far better system
than everyone knowing the root password.


-Matt





____________________________________________________________ 
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users



More information about the sudo-users mailing list