On Saturday 12 January 2008, Craig White wrote: >On Sat, 2008-01-12 at 23:20 -0500, Gene Heskett wrote: >> On Saturday 12 January 2008, Mike Williams wrote: >> >On Jan 12, 2008 5:53 PM, Gene Heskett <gene.heskett@xxxxxxxxxxx> wrote: >> >> >From the sudoers file: >> >> >> >> [...] >> >> ## Allow root to run any commands anywhere >> >> root ALL=(ALL) ALL >> >> gene ALL=(ALL) ALL >> > >> >Sure looks okay to me. Note that you can also use: >> >gene ALL=(ALL) NOPASSWD: ALL >> >> I'm not sure I'd want that. While this house is secure, and dd-wrt is >> between this box and the net, I think that might be trusting things a wee >> bit much. >> >> In fact, my password, while longer than most, is about half the length of >> roots, which is so long its not usable with ssh or samba. For that >> reason, I wouldn't mind being forced to use roots password to sudo. Is >> that possible? > >---- >I'm thinking that doesn't make much sense. What would make more sense is >that if you don't trust yourself (or your password, like others know >your password), create another user, give that user sudo power and >simply su to that user instead. _I_ trust me, and the missus is computer illiterate, but someone who knows a lot about me could probably find that pw given enough time. ISTR I had John hammer on it for an hour or so a year back, so it isn't quite as easy as it looks I guess. John The Ripper didn't find it in that time frame. >There are some protections afforded to root that by default are not >given to users (interactive rm for example) and vice versa. For that >reason, I like to simply su to root when I need root privileges and stay >as user when I don't. I will keep that in mind, and have done so in the past when sudo didn't work. >Craig Thanks. -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) C for yourself.
