[arch-general] Tired of being asked for a password for "su"? Arch has the solution
Ray Rashif
schivmeister at gmail.com
Wed Mar 3 00:04:03 EST 2010
On 03/03/2010, Ty John <ty-ml at eye-of-odin.com> wrote:
> On Tue, 02 Mar 2010 20:24:20 -0600
> "David C. Rankin" <drankinatty at suddenlinkmail.com> wrote:
>
>> On 03/01/2010 05:03 PM, Ray Kohler wrote:
>> > What would worry me is things like JavaScript exploits and worms -
>> > things that you download and then run as yourself, whether
>> > intentionally or not. A password prompt will block malware like
>> > that, but with no password, you just go owned in one step.
>>
>> How would this be any different than 'sudo' configured to allow
>> members of the wheel group to sudo w/o a password?
>>
>> Same answer - data prevails - set sudo to require a password? I have
>> run servers for more than a decade with sudo/wheel group access
>> enabled w/o a password - no problems. May have just been lucky :p
>>
>> Ray, all - any different thoughts about sudo w/o a password compared
>> to su? Or same answer, with no password, you just got owned in one
>> step :p
>>
>
> sudo can be limited to only certain commands also. IMO su should remain
> as secure as possible and sudo should be customised for the situation.
It's all a moot point. If you want to talk about "things that you run
yourself", then su/sudo does nothing to help you in any way. Most of
the su/sudo thing derived from *NIX machines being academic remote
systems accessed by more than one person, and not a single-user
desktop which could be attacked and infected by the user's own epic
failures.
http://www.geekzone.co.nz/foobar/6229
--
GPG/PGP ID: B42DDCAD
More information about the arch-general
mailing list