[901] in athena10
Re: [athena10] sudo
daemon@ATHENA.MIT.EDU (Jonathan Reed)
Thu Jan 22 15:56:00 2009
Cc: Sam Hartman <hartmans@mit.edu>, Robert Basch <rbasch@mit.edu>,
Quentin Smith <quentin@mit.edu>, Mitchell E Berger <mitchb@mit.edu>,
Greg Hudson <ghudson@mit.edu>, athena10@mit.edu
Message-Id: <9F6548D1-D753-451D-81F4-49099AF4E5C9@mit.edu>
From: Jonathan Reed <jdreed@MIT.EDU>
To: Evan Broder <broder@mit.edu>
In-Reply-To: <4978D990.4090700@mit.edu>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v919.2)
Date: Thu, 22 Jan 2009 15:55:01 -0500
I agree with Evan, if I saw a sudo prompt, I would enter my password,
and would probably sit there wondering why it's failing.
If we want sudo, it should either be passwordless or should require
the user's password, just like it would on their regular machine.
I'm not sure why asking for the user's password is sketchy, if the
machine is compromised, then it's compromised, and the user lost when
they typed their password into the login screen anyway, no?
I'm on the fence about passwordless sudo. I see the argument about
walking up to a random person's session and typing sudo and doing evil
stuff as root and having the logged-in user take the blame. OTOH,
someone can walk up to a random person's session and send hate mail to
all the faculty, too. There's not much we can do if people walk away
from workstations without locking the screen.
As I see it, the options are:
- No sudo, you use su (GNOME breaks horribly if you try and run any X
stuff while su'd)
- sudo with root password (confusing and unfamiliar for users)
- sudo with no password
- sudo with your own password (standard behavior on Ubuntu, users will
be used to it, has the advantage of the same behavior across all
Debathena flavors)
I vote for one of the latter two.
-Jon
On Jan 22, 2009, at 3:39 PM, Evan Broder wrote:
> Setting rootpw for sudo is weird. The goal here is to provide a
> means of
> becoming root that non-Athena users are used to. I've never seen a
> system configured with rootpw for sudo before, so that seems kind of
> counterproductive.
>
> - Evan
>
> Sam Hartman wrote:
>> I'd definitely feel a lot more comfortable with rootpw being the
>> default than asking for the user's password.
>>
>>
