Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for June 20, 2013
Pencil, Pencil, and Pencil
Dividing the Linux desktop
LWN.net Weekly Edition for June 13, 2013
A report from pgCon 2013
Sure, having setuid on 'ping' is crazy, but having setuid bit on 'sudo' is downright logical.
Posted Jan 6, 2011 17:01 UTC (Thu) by solardiz (guest, #35993)
The alternative to the su/sudo approach is direct root logins. And the solution to the accountability problem (with multiple sysadmins) is multiple root-privileged accounts (with a distinct naming convention for clarity).
Occasional exceptions do exist. In our experience, less than 10% of server systems would potentially benefit from sudo, and a safer approach can be used on those anyway: we generally prefer ssh forced commands - that is, command=... in authorized_keys - even if this is to be invoked by a local account on the system itself, such as by a support person who is not a "full" sysadmin.
Posted Jan 6, 2011 17:15 UTC (Thu) by solardiz (guest, #35993)
(*) ...nor any similarly-privileged-on-exec programs, such as with fscaps with a root-equivalent capability set. We do not use fscaps in Owl 3.0.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds