[900] in athena10
Re: [athena10] sudo
daemon@ATHENA.MIT.EDU (Sam Hartman)
Thu Jan 22 15:54:06 2009
From: Sam Hartman <hartmans@MIT.EDU>
To: Evan Broder <broder@mit.edu>
Cc: Robert Basch <rbasch@mit.edu>, Quentin Smith <quentin@mit.edu>,
Mitchell E Berger <mitchb@mit.edu>, Greg Hudson <ghudson@mit.edu>,
athena10@mit.edu
Date: Thu, 22 Jan 2009 15:52:20 -0500
In-Reply-To: <4978D990.4090700@mit.edu> (Evan Broder's message of "Thu, 22 Jan
2009 15:39:44 -0500")
Message-ID: <tslab9jt663.fsf@live.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
>>>>> "Evan" == Evan Broder <broder@MIT.EDU> writes:
Evan> Setting rootpw for sudo is weird. The goal here is to
Evan> provide a means of becoming root that non-Athena users are
Evan> used to. I've never seen a system configured with rootpw for
Evan> sudo before, so that seems kind of counterproductive.
Well, we want to be very careful not to enable sudo for random users
on machines with keytabs. I'd prefer not to enable it without rootpw
on cluster machines, but it would be actively harmful to enable on
machines with keytabs even if their configurations are otherwise
similar to cluster machines.
I guess it's not all that harmful if the machine actually has the
cluster root password.
