Názor k článku Přechod z OS Windows na Linux od X - Why Use Sudo? Other than the...

  • Článek je starý, nové názory již nelze přidávat.
  • 15. 10. 2008 11:23

    X (neregistrovaný)
    Why Use Sudo?

    Other than the obvious fine-grained access control sudo provides, there are a few other benefits to using sudo. One of the biggest advantages is the command logging. Every sudo(8) command is logged, making it very easy to track who has done what. Also, once you have sudo(8) configured correctly, the senior sysadmin can change the root password and not give it out. Nobody should need the root password if they have the correct sudo permissions, after all! Reducing the number of people who have the root password can help reduce security risk.


    Also, sudo(8) can be run on almost all UNIX and UNIX-like operating systems. What's more, a single configuration file can be used on all of these systems, vastly easing administrator overhead.

    Disadvantages to Sudo

    By far, the most common disadvantage to sudo(8) is that junior administrators don't like it. If
    people have traditionally had root access on a system, they will perceive that they're losing
    something when the senior administrator implements sudo(8). The key to overcoming this is to
    make sure that people have the access that they have to actually perform the tasks that they're
    responsible for. If a junior administrator complains that he cannot perform a task, it means that
    he has either overreached his responsibilities or he needs more privileges.

    The permissions syntax can be confusing until you understand it. Getting everything correct can
    be difficult the first time. Once you understand how sudo(8) manages its permissions, however,
    it's very quick and easy.

    Finally, a faulty sudo(8) setup can create security holes. A thoughtless configuration will create
    holes in the system that a clever junior administrator can use to actually become root. This
    problem is best dealt with by a combination of careful configuration and administrative policy.

    Nejak tam nevidim nejake extremni nevyhody.Krome toho,ze se to clovek musi naucit.