[nycbug-talk] passwordless sudo: yay or nay?
Mikel King
mikel.king at olivent.com
Sat Nov 8 20:44:30 EST 2008
On Nov 8, 2008, at 6:33 PM, N.J. Thomas wrote:
> I've noticed a trend in the past few years where a lot of Unix users
> (a
> group in which I clump BSD, Linux, and Mac OS X) are using
> passwordless
> sudo.
>
> I've always thought this to be a security risk, if a local account
> with
> sudo access is compromised then the attackers have root access, so all
> my accounts that have blanket sudo access (i.e. "ALL=(ALL) ALL")
> need to
> enter a password.
>
> What is the current thinking/best practice on how to setup sudo on PCs
> and personal Unix-based desktops? Is passwordless sudo okay in this
> context?
>
> Thomas
Thomas,
Yeah it's bad, real bad, and you should never ever ever do it. It
will curl your hair, sour your milk, turning your beer into water and
cause mold to grow on all of your bread. Oh and of course give you
really bad breath.
But all that aside, there are a few instances when it is possibly
acceptable....
I find it a good way to protect me from myself especially after
spending 18 hours rebuilding a clients server and at 2 am when you
just ran out of coffee just before you try to type rm -rf...
Cheers,
m
More information about the talk
mailing list