[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: New protocol proposal fishs://
From:       Marc Espie <espie () quatramaran ! ens ! fr>
Date:       2003-03-25 12:20:56
[Download RAW message or body]

In article <200303241108.03224.mike@nachbaur.com> you write:
>On March 24, 2003 06:56 pm, Willy De la Court wrote:
>> This would connect over ssh to "somehost" authenticate with "someuser" and
>> then su to root and execute the .fishsrv.pl This could be very important to
>> some of the more security-savy people like Martijn Klingens said.
>
>I would prefer that sudo were used, rather than "su".  I really dislike using 
>su, since that means all the junior system administrators now need to know 
>the root password.  I therefore use sudo exclusively in all my servers, so I 
>can selectively assign rights to those who need them.  If you really need 
>full root privilidges on a remote computer, then give yourself sudo ALL 
>access, and use your own personal password.
>
I have had sudo extensions for kdesu floating around. The kdesu maintainer
didn't want them, because he wanted to reorganize kdesu first...
I have dropped the ball for now, feel free to pick it up and broach the issue
with him.

Having a knob that switches from su to sudo is perfectly trivial, and fits
perfectly in kcontrol.

Objections to installing sudo being difficult do not stand when:
- sudo is switchable,
- some unices come with sudo out of the box. Campaign to your favorite
distributor so that sudo gets installed by default.
 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]