[ale] bash commands

Brian Mathis brian.mathis+ale at betteradmin.com
Wed May 23 09:44:03 EDT 2012 

On Mon, May 21, 2012 at 8:44 AM, Lightner, Jeff <JLightner at water.com> wrote:
> I disagree with the purpose of sudo stated previously.  It was not designed
> to prevent System Admins from getting root access.  It was designed to allow
> NON-system admins to access only those few things they need as root without
> giving them the root password and full root access.


I understand how the purpose of sudo seems somewhat muddy -- after
all, all we UNIX folk like to think of each tool as having only one
purpose, unless it's a programming language or something.  Sudo can be
unclear because it provides a few different functions:
    - Limit users to running only some commands as root
    - Provide an audit trail of who executes what commands as root
    - Remove the need for anyone to know the root password
Those who don't like the idea of sudo often grab onto one or two of
these uses to make a point, but completely ignore the others.


> Over time PHBs have somehow decided that even System Admins shouldn’t have
> root which is why you see abominations like “sudo” only distros.   System
> Admins do spend a lot of their time as root no matter how much hand wringing
> is done by people that like to claim it isn’t secure.


You seem to be confusing "Management" with "those who manage".  If
you're a sysadmin then you are in the second category, at least you
better be otherwise you're just a techie who happens to get paid for
it.  As already stated, sudo is a very big help to anyone managing
root passwords.  Please see my previous email about this.

No one should be using shared accounts or know the root password,
because whenever the team changes you have to change the passwords and
tell everyone the new password (except each system should have a
different root password, so have fun with that).


> The sad thing about sudo is how many admins do not seem to understand what
> they’re giving to users with it.   The first place I saw it they gave users
> “sudo vi”.   I had to show them what “:!/bin/sh” did in such a session.   I
> also had to explain to them why sudo access to shell scripts that were not
> writable only by root in a directory only accessible by root was a bad idea.


This is the typical security wonk "sudo sucks" argument.  In
isolation, this back door is obviously a problem, but like any tool,
you need to be aware of it.  However, it's really about the tool you
are giving access to, not a problem with sudo itself.  There are
plenty of modes where granting access to commands through sudo do not
pose such a problem, so it's hardly the silver bullet argument that
kills sudo.


> I’ve only worked one place where I thought they handled sudo for Admins
> correctly.   They had syslog traffic going to a server NOT controlled by the
> Admins and any time you used sudo you had to put in a reason why and be
> prepared for a query from management because they got emails when you did
> it.   You could hide what you did after becoming root but not the fact that
> you HAD become root.
>
> We use sudo extensively here mainly for its (IMHO) original purpose.   One
> great use of it is to get rid of purely administrative accounts for
> applications where everyone knows the password.   By requiring users that
> need access to such administrative accounts to do “sudo su - <account>” you
> can log which user became that administrative user right before everything
> went to hell in a handbasket.


I'm not following here.  This last paragraph seems to contradict the
first few.  What you are doing with it here is perfectly in line with
the purpose of sudo, and what we have been talking about here.  Sudo
provides auditing and the ability to remove shared passwords,
including shared passwords to the root account.  It's the same thing.



On Tue, May 22, 2012 at 6:27 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
> Big +1
>
> sudo is not a tool for admins.


I'm not sure how you could be following this thread and still say
that.  Despite these feelings about it, changes like this don't make
headway into common practice without being reviewed by a great many
security people.  As most distros have moved to this model, it appears
that they disagree with you.


❧ Brian Mathis

More information about the Ale mailing list