Who uses SUDO on production machines? [was Re: [NCLUG] Why not Root?]

Michael Milligan milli at acmeps.com
Mon Mar 19 13:25:23 MDT 2007


John L. Bass wrote:
> I've always removed sudo from security critical production machines.
> I'm currious who installs it for security reasons and why.

In reality, I don't use sudo.  I delete it and install a different
program that does the same thing, albeit a subset, for which I have the
source code and has not changed in 10+ years.  This is only because the
source has been reviewed by people I trust, whereas I can't say the same
for the sudo code.  That's my only security reason, to use (an
alternative) sudo.

I use "sudo" for convenience, for all the reasons Sean covered.  It
allows for the root password to be *'d out.  You block all attempts to
login as root.  It allows for an audit trail to know who changed a
privileged configuration file, restarted a process, etc..  It ultimately
will not stop someone who exploits a flaw in the system to gain "root"
access privileges, either by local exploit, or remote exploit.  Sudo
doesn't address that at all.

One thing I think goes without saying is, when using "sudo", you
absolutely _have_ to trust anyone you give sudo access to.  Because it's
akin to breakin' eggs with a sledge hammer.  There's no granularity to
"root access" on a typical Linux/*nix box.

Regards,
Mike

-- 
Michael Milligan                                   -> milli at acmeps.com
Acme Professional Services LLC                        970-581-9948



More information about the NCLUG mailing list