[ale] Stupid Question Time
    arxaaron 
    arxaaron at gmail.com
       
    Sat Feb  4 23:46:22 EST 2012
    
    
  
As follow up to David's excellent explanation of the need for sudo,
folks may be interested in looking over the slides for Michael Potters
extremely informative presentation on the topic:
http://www.replatformtech.com/Services/Downloads/Downloads.html
Michael presented this talk at the May, 2011 ALE Central meeting.
It exposes the depth of sudo as a refined tool for providing security
and access control at a number of different levels.
Michael is also revisiting his "Seat Belts and Airbags for bash"
talk at next Thursday's ALE-NW at SPSU meeting.  Great info
on error trapping and debugging for bash scripts.  Highly
recommended for first time or review.  Detailed notice at
<http://ale.org>, of course.
peace
aaron
On 2012/02/04, at 18:11 , David Tomaschik wrote:
> On Sat, Feb 4, 2012 at 5:54 PM, Michael Nolan  
> <michaeldnolan at gmail.com> wrote:
>> This is more of a follow up concept question...
>>
>> Why, if I used mount manager while in my user account, to mount the
>> drive with the two partitions (and probably had to enter my user
>> password), did it create mount points owned by root?
>>
>> It just makes no (real world) sense to me why, for the sake of
>> security and wisdom of using user accounts, (and not logging in as
>> root)... a command like sudo is even allowed to exist and be  
>> available
>> to the user account.
>>
>> I'm really not looking for an answer here... it's just an observation
>> from someone who is trying to apply logic to something they don't
>> understand, but want and need to.
>
> I think it's a very valid question, and deserves an answer.  Your user
> account can't mount devices, create filesystems (write to raw
> devices), etc.  There are a number of mechanisms by which elevated
> privileges are managed, and sudo is a mechanism for elevating those
> privileges.  In many ways, its similar to UAC on Windows (though long
> predates UAC) in that it gives you an ability to control with which
> privileges commands are run.
>
> Sudo also allows system administrators to control what commands a user
> can run and as what alternate users.
>
> The other oft-used mechanism for elevating privileges is actually
> using an IPC mechanism like D-Bus that allows unprivileged processes
> to "ask" privileged processes to perform tasks on their behalf.
>
> Hope that clarifies things!
>
> David
>
>
>
> -- 
> David Tomaschik
> OpenPGP: 0x5DEA789B
> http://systemoverlord.com
> david at systemoverlord.com
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
    
    
More information about the Ale
mailing list