On 12/15/11 6:02 AM, "Sam Onella" <barythrin at yahoo.com> wrote:
One reason to use/require sudo of root commands that
I've seen was for
auditing the use of root access/commands. It wasn't for security
purposes other than yes to give approved people access to priviledged
commands using their password and not reveal the root password, however
it nicely logs to your logging server that user ran x command. It was a
pain yes I wouldn't argue that and the change of habit from admins
sudoing to su takes a bit to get out of autopilot mode but it worked out
in the end.
The other comment was no of course it isn't a security measure or
preventing a non-admin from creating an account, however every
employer/employee should be getting a nice little motd or security
message indicating proper authorized use of the system and lack of
expectation to privacy. Creating an administrative account/backdoor
would be good grounds to be fired. It's just a security control.
Yeah, locks keep honest people honest. The purpose of security measures
is to raise the price too high to make it worth stealing. (Example: "If
you value your life as much as I value this motorcycle, don't [action
verb] with it!") -- Ian