sudo and security

Ladner, Eric (Eric.Ladner) Eric.Ladner at chevrontexaco.com
Thu Jan 15 09:00:10 EST 2004 

Personally, I don't see having sudo with ALL privs as less secure
(although, you could take the argument that now there are two passwords
you can crack to get root level access to the machine).  Plus, as you
mentioned, there is logging, so you can see who is doing what.  But, if
somebody does "sudo /bin/ksh", you can see that they did it, but not
specifically what they did once the shell launched.  

Still, the root password is not wide spread when using sudo, so it SEEMS
more secure.  Consider also that if some yahoo changes your root
password on one of your boxes, you are locked out (short of rebooting in
single user and changing it back).  Sudo can save your butt in some
cases like that, as can a secure shell (i.e. ssh) set up correctly.
Also, people that just need to run one or two commands can be given them
specifically with sudo, rather than giving them the run of the whole box
just to start up a backup or some service on the machine, which is
definitly more secure.

Just my 0.02.

Eric

-----Original Message-----
From: sudo-users-bounces at sudo.ws [mailto:sudo-users-bounces at sudo.ws] On
Behalf Of Dan Rue
Sent: Tuesday, January 13, 2004 11:22 AM
To: sudo-users at sudo.ws
Subject: sudo and security


Greetings, 

I am considering implementing sudo at my shop.  The problem is that I am
concerned that it will lead to a less secure environment, and was hoping
to get some feedback from the experts.  

We have an environment with 6 or so people with root privelages, on 10
or so servers.  Currently, rootly power is being overused, imho.  The
problem is that these rootly people are not going to be happy about
losing root.  So, at first, I will need to allow everyone to do
everything with sudo.  And, there will always be a couple (3-4) people
that will always need to be able to do everything.  

So, if you have people using sudo, but they have ALL privileges, it
seems less secure to me because then, they only need their password to
do rootly things - whereas before they needed at least an additional
password.  For instance, with our current setup, if someone's personal
password is compromised, and a malicious user was able to log into a
machine, they would still not have root access without further hacking.
However, with sudo enabled, the intruder would have immediate control of
the system.  

I understand the benefits of sudo what with logging and such - but if a
couple of people have full access I see it as less security, not more.
Am I wrong?

Thanks for any feedback, 
Dan ____________________________________________________________ 
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users

More information about the sudo-users mailing list