On 03/01/2010 05:03 PM, Ray Kohler wrote:
What would worry me is things like JavaScript exploits and worms - things that you download and then run as yourself, whether intentionally or not. A password prompt will block malware like that, but with no password, you just go owned in one step.
How would this be any different than 'sudo' configured to allow members of the wheel group to sudo w/o a password? Same answer - data prevails - set sudo to require a password? I have run servers for more than a decade with sudo/wheel group access enabled w/o a password - no problems. May have just been lucky :p Ray, all - any different thoughts about sudo w/o a password compared to su? Or same answer, with no password, you just got owned in one step :p -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com