torriem at gmail.com
Sun Jan 18 03:09:16 CET 2015
On 01/17/2015 11:47 AM, Michael Ströder wrote:
>> sudo makes administrators careless, lazy and it is not simple at all.
> Admins must have separate accounts with separate credentials for
> administrative work and must be careful when using an administrative account.
Right. This is not a bad idea in a large organization.
In any case, Sudo is more auditable than su in my opinion, but more
importantly, it's much easier to revoke. With su, if I fire an admin, I
have to change root passwords on every machine, and redistribute the new
password to every admin that needs it. With sudo, I might still change
the root password, but I'll lock the root password up in a safe box
somewhere, and life goes on for everyone else. In fact with root
disabled entirely, the whole root password needing to be changed when a
person leaves the company is completely eliminated. sudo allows us
(especially with the idea about separate admin credentials) to have
multiple, controllable, auditable, root passwords in effect. Surely the
benefit of this can be seen.
Another good alternative to sudo is ksu, which is a kerberized su. This
also provides an excellent audit trail, and is easy to revoke. This may
be more to Mr. van der Horst's liking, as normally ksu is configured to
accept only principals with a /admin suffix (arbitrarily chosen). So
admins would have their normal principal, and their admin principal.
It's a pretty slick system if you have Kerberos up and running.
More information about the Python-list