[CentOS] Orwell's 1984 from Freedesktop,org?
Valeri Galtsev
galtsev at kicp.uchicago.edu
Fri Jan 23 20:31:59 UTC 2015
On Fri, January 23, 2015 2:05 pm, Warren Young wrote:
> On Jan 23, 2015, at 12:35 PM, Valeri Galtsev <galtsev at kicp.uchicago.edu>
> wrote:
>
>> As a matter of fact I tend to not use GUI admin tools since long ago.
>
> Bring back Xconfigurator!
>
>> I do prefer 3ware web RAID admin
>> interface anything else (it more transparently prevents me from making
>> fatal blunders - probably just me).
>
> No, not just you. tw_cli is needlessly confusing in its command
> structure.
>
> Compare the operation of the ZFS and btrfs command line tools, to see how
> it should have been done.
>
>> And yes, disabling root user and having sudo instead is on my evil list
>> too: yet another SUID-ed binary, and potential holes due to some garbage
>> in config file
>
> Given how old and battle tested sudo is, I think we can trust it.
>
> My only remaining unease comes from the fact that the sudo binary is about
> 4x the size of su.
>
> Still, I’m glad RH finally made it usable out of the box with EL7. The
> default config in prior versions was only usable by root, which made it
> little other than an alias for su.
>
>> BTW, su (with the same password for root as regular user
>> has), and attempt to use sudo are the fist two things bad guys try when
>> they log in with stolen password of regular user (after a compromise of
>> machine elsewhere).
>
> So don’t use the password for root or sudo-capable users elsewhere. If
> you don’t know for a fact that the connection is secure and the password
> is securely hashed, use a different password.
That is exactly what I meant to say to everybody (if you read the rest of
what I wrote you will realize that I don't make blunders of this
magnitude!). Thanks for spelling it out in more plain Engish language than
I managed to ;-)
Valeri
>
> Sudo offers many advantages that sudo does not, which counterbalance its
> risks, IMHO.
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
More information about the CentOS
mailing list