[nycbug-talk] passwordless sudo: yay or nay?

N.J. Thomas thomas at zaph.org
Sat Nov 8 18:33:15 EST 2008


I've noticed a trend in the past few years where a lot of Unix users (a
group in which I clump BSD, Linux, and Mac OS X) are using passwordless
sudo.

I've always thought this to be a security risk, if a local account with
sudo access is compromised then the attackers have root access, so all
my accounts that have blanket sudo access (i.e. "ALL=(ALL) ALL") need to
enter a password.

What is the current thinking/best practice on how to setup sudo on PCs
and personal Unix-based desktops? Is passwordless sudo okay in this
context?

Thomas



More information about the talk mailing list