[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Login as root/su/sudo?



Enforced su/sudo (no direct root) do slow down an intruder
and do offer some marginal protection against mistypes,
but the main advantage here is _accountability_. Of course
sudo rm -rf /var/log/* is possible, but that's where remote
logging comes helpful.
--
 nickf3, my $0.03

On Mon, 7 Jun 2004, Adam ...:

> On Mon, Jun 07, 2004 at 07:01:28PM -0400, Adam Skutt wrote:
> > Adam wrote:
> > >
> > >Except that it also helps prevent you from accidently breaking your
> > >system.  I find people who log in as root end up doing something like rm
> > >-r * to clean up some random thing they were doing, but oops, they were
> > >in /, not /root like they thought. 
> > It only prevents you from doing dumb stuff like this if you actually
> > setup sudo to prevent you from running rm in certain directories.
> > That would pretty much kill its usefulness.  At best, you give it a list
> > of directories you want it to avoid, but that can still be beaten using
> > "../../*" or smiliar.
> > 
> > -- Adam Skutt
> 
> No, you see all the stupid output files I used to do random_task_x can
> be created, written and owned by a regular user.  So you don't run sudo
> rm -r, you just run rm -r.
> 
> Adam