Re: Re: Re: Re: qx//, ssh -t (pseudo-tty) and sudo

Given that /etc/sudoers is supposed to be read-only (444), this smacks of an insecure installation.

However, my point was not that sudo is perfection, only that it is far more preferable to allowing root access to ssh.

If things get any worse, I'll have to ask you to stop helping me.

Comment on Re: Re: Re: Re: qx//, ssh -t (pseudo-tty) and sudo

Replies are listed 'Best First'.
Re: Re: Re: Re: Re: qx//, ssh -t (pseudo-tty) and sudo by Roger (Parson) on Nov 12, 2003 at 02:31 UTC
Yes I agree with you that sudo is better than direct root acess. And on my system I don't allow remote root login anyway. Given that /etc/sudoers is supposed to be read-only (444), this smacks of an insecure installation. Yes the /etc/sudoers file was read-only, but my script does - `chmod u+w /etc/sudoers ... bits to modify my sudoers entry ... chmod u-w /etc/sudoers` [download] When I do a sudo make, every command inside the Makefile are automatically run with ROOT priviledges, so there is no secure system when I can do "sudo make". :) (I know this is OT, but interesting to know and talk about. So one thing I never do is to give people sudo access on make)	[reply] [d/l]
Re: Re: Re: Re: Re: Re: qx//, ssh -t (pseudo-tty) and sudo by shockme (Chaplain) on Nov 12, 2003 at 03:24 UTC
Okay, then you're original statement (Roger thinks ssh->root is as secure/insecure as ssh->sudo.) is somewhat qualified. I can live with that. It was that statement that led to my original reply. They're not the same, and I think we've both made that clear. The end. ;) If things get any worse, I'll have to ask you to stop helping me.	[reply]


good chemistry is complicated, and a little bit messy -LW
	PerlMonks