Bug#293830: sudo is undesirable

Loïc Minier, 293830@bugs.debian.org
Sat, 26 Feb 2005 18:37:59 +0100


        Hi,

On Sat, Feb 26, 2005, Joshua Rodman wrote:
> 
> Unfortunately, /etc/sudoers is a very poorly designed file with a
> confusing and difficult syntax.  Additionally, in order to provide users
> with reasonable flexibility with specific tools you wish to allow them
> to use, you often open the door to complete root access via clever
> character substitutions.

 Well, that's poor configuration from the administrator.  (Please note
 you're not supposed to edit /etc/sudoers directly, but you should call
 "visudo" instead).
   I _personally_ find the format of the file really good as it allows
 to define separately the commands that sudo might run, the users and
 user groups which will run things, and finally the list of
 authorizations to run certain commands by certain users / groups with
 certain rights.  (I don't use the host part.)

> In short, sudo has a config which is hard to vet for correctness, is
> hard to provide useful functionality, and often allows user passwords to
> be root-password equivalent.  

 I completely disagree, but if you don't like the format of the file and
 have suggestions for improvements, I presume you should file a bug on
 sudo instead.

> It is a poor tool.

 This is a subjective affirmation.  I use sudo all the time for my
 personal needs as a user because I want to be able to update my
 network settings for example, and I don't see another way to restrict
 my own rights as user to run this, and only this kind of commands.

> Do not cause gksu to require sudo, since requiring the root password has
> none of these problems.

 So if someone hijacks your account, he can run any command by spying
 your password?  I think your argument doesn't take the whole goal of
 sudo into account: the goal is to reduce the rights you offer to user
 to the bare minimum.  For example, only allow a fixed list of users to
 run a fixed list of commands, eventually with their user password
 instead of the root password (or no password at all).

 If you used the root password, then there's no restriction on the
 commands you can run, nor on who can run them with the root password,
 nor can you tell with which user the command will be run...

 However, sudo can be configured to ask for the root password and allow
 running any command, please see the "rootpw" (or "runaspw" for commands
 running as root), and see the default privilege specification:
    root    ALL=(ALL) ALL

   Bye,

-- 
Loïc Minier <lool@dooz.org>
"Neutral President: I have no strong feelings one way or the other."
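
The layout described in the message above (users, commands and authorizations defined separately, plus the "rootpw" option), written out as a sudoers fragment. This is an added example, not part of the original mail; the user names, alias names and the interface name eth0 are hypothetical.

```sudoers
# Added example; alice, bob, NETADMINS, NETCMDS and eth0 are assumptions.
# Check the syntax before use with: visudo -c -f <this file>

# 1. Who: a fixed list of users.
User_Alias  NETADMINS = alice, bob

# 2. What: a fixed list of commands, each given by full path.
#    A command listed without arguments may be run with any arguments,
#    so the argument is pinned here to a single interface.
Cmnd_Alias  NETCMDS = /sbin/ifup eth0, /sbin/ifdown eth0

# 3. Authorization: these users, on any host, as root, these commands only.
#    By default sudo asks for the invoking user's own password.
NETADMINS   ALL = (root) NETCMDS

# Variant with no password prompt at all, for a single user:
# alice     ALL = (root) NOPASSWD: NETCMDS

# Variant from the end of the message: prompt for root's password
# instead of the user's, limited here to the same group of users.
Defaults:NETADMINS  rootpw
```

With this in place the listed users can run only the two pinned commands through sudo; any other command line is refused and logged.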