[nycbug-talk] passwordless sudo: yay or nay?

Dan Colish dan at radiusim.com
Sat Nov 8 19:46:56 EST 2008


On Sat, Nov 8, 2008 at 6:33 PM, N.J. Thomas <thomas at zaph.org> wrote:
> I've noticed a trend in the past few years where a lot of Unix users (a
> group in which I clump BSD, Linux, and Mac OS X) are using passwordless
> sudo.
>
> I've always thought this to be a security risk, if a local account with
> sudo access is compromised then the attackers have root access, so all
> my accounts that have blanket sudo access (i.e. "ALL=(ALL) ALL") need to
> enter a password.
>
> What is the current thinking/best practice on how to set up sudo on PCs
> and personal Unix-based desktops? Is passwordless sudo okay in this
> context?
>
> Thomas

I don't want to speak for everyone, but I believe passwordless sudo is
always a mistake. If a user needs to run something without a tty, for
example, it's better to correct permissions so that user can run the
process properly.
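
An audit sketch for the question raised in this thread, added here as an example and not part of either message: it scans sudoers text and separates blanket passwordless rules from ones scoped to specific commands. The sample content, user names and function names are constructed; includes, alias expansion and multi-host specs are not handled.

```python
import re

# Constructed sudoers content for illustration; not taken from the thread.
SAMPLE = """\
Defaults env_reset
alice   ALL=(ALL) ALL
bob     ALL=(ALL) NOPASSWD: ALL
%wheel  ALL=(ALL) NOPASSWD: /usr/sbin/service nginx reload, \\
        PASSWD: /sbin/reboot
carol   ALL=(root) NOPASSWD: /usr/bin/rsync, ALL
Defaults:dave !authenticate
"""

def logical_lines(text):
    """Yield (first_line_no, line) with backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        raw = raw.rstrip()
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None

def audit_sudoers(text):
    """Return (line_no, subject, kind) for every rule that skips the password."""
    findings = []
    for no, line in logical_lines(text):
        parts = line.split(None, 1)
        if len(parts) < 2 or line.startswith(("#", "@include")) or "_Alias" in parts[0]:
            continue  # blanks, comments, includes and alias definitions are skipped
        if parts[0].startswith("Defaults"):
            if "!authenticate" in line:  # disables the prompt without NOPASSWD
                findings.append((no, parts[0], "auth-disabled"))
            continue
        nopasswd, hits = False, []
        # Split the command list on commas that are not inside a (runas) group.
        for item in re.split(r",(?![^(]*\))", parts[1].partition("=")[2]):
            item = re.sub(r"^\s*\([^)]*\)\s*", "", item.strip())
            # Tags persist for later commands until the opposite tag appears.
            while (m := re.match(r"([A-Z_]+)\s*:\s*", item)):
                if m.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = m.group(1) == "NOPASSWD"
                item = item[m.end():]
            if nopasswd:
                hits.append(item.strip())
        if hits:
            findings.append((no, parts[0], "blanket" if "ALL" in hits else "scoped"))
    return findings
```

The `carol` line shows why the tag has to be tracked across the comma list: the trailing `ALL` inherits `NOPASSWD` from the first command, so the rule is as broad as `bob`'s.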



