[902] in athena10


Re: [athena10] sudo

daemon@ATHENA.MIT.EDU (Evan Broder)
Thu Jan 22 15:58:53 2009

Message-ID: <4978DDF6.9000108@mit.edu>
Date: Thu, 22 Jan 2009 15:58:30 -0500
From: Evan Broder <broder@MIT.EDU>
MIME-Version: 1.0
To: Sam Hartman <hartmans@mit.edu>
CC: Robert Basch <rbasch@mit.edu>, Quentin Smith <quentin@mit.edu>,
   Mitchell E Berger <mitchb@mit.edu>, Greg Hudson <ghudson@mit.edu>,
   athena10@mit.edu
In-Reply-To: <tslab9jt663.fsf@live.mit.edu>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Sam Hartman wrote:
>>>>>> "Evan" == Evan Broder <broder@MIT.EDU> writes:
>>>>>>             
>
>     Evan> Setting rootpw for sudo is weird. The goal here is to
>     Evan> provide a means of becoming root that non-Athena users are
>     Evan> used to. I've never seen a system configured with rootpw for
>     Evan> sudo before, so that seems kind of counterproductive.
>
> Well, we want to be very careful not to enable sudo for random users
> on machines with keytabs.  I'd prefer not to enable it without rootpw
> on cluster machines, but it would be actively harmful to enable on
> machines with keytabs even if their configurations are otherwise
> similar to cluster machines.  
>
> I guess it's not all that harmful if the machine actually has the
> cluster root password.
>
>   
The sudo config only gets pulled in for debathena-cluster machines (or
people who are dumb enough to install debathena-cluster-login-config by
hand).

- Evan
