From owner-freebsd-questions@FreeBSD.ORG Wed Jan 21 04:23:46 2009 Return-Path: Delivered-To: questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id ACB40106566C for ; Wed, 21 Jan 2009 04:23:46 +0000 (UTC) (envelope-from tajudd@gmail.com) Received: from wf-out-1314.google.com (wf-out-1314.google.com [209.85.200.172]) by mx1.freebsd.org (Postfix) with ESMTP id 70A468FC1A for ; Wed, 21 Jan 2009 04:23:46 +0000 (UTC) (envelope-from tajudd@gmail.com) Received: by wf-out-1314.google.com with SMTP id 24so3876037wfg.7 for ; Tue, 20 Jan 2009 20:23:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=4F1m7QaiHZaoAwoHpxS4QtrFwGZqlBQnEgEwc4fEZPs=; b=QYfQRrOqBpPQTUmJLlJmMBhLI/97c2oiZXfKe21DkvwSz1En1GEhnkPRfBJBHrJ+aZ U8bHyHUzsnrDIJDCKsRqR45Jh6NUlOqujgjiGjwccHhjIJjm/O4bBbbnEcdBq3ZmB0RC 2fuMt4gaJ7X6e+AyD8P3ZBJnrO3JSJtIbNhrw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=BtpywFokbrCYQYquA56tyqc0HITgZCSoNAugeVM9EA5Rq8FDdFH2k8bNw9OMSLQ0ni 06CQvFPO9Kh7EwtI+qQ/QpoOFz3vNfAVZQZ9OcJUz5W0S4cksBfEJ+jJTTO0YoszNrmf gAH5dLvRVbIkp8r096enEY1n5waPNlQuwyMOM= Received: by 10.142.180.20 with SMTP id c20mr721403wff.129.1232511826367; Tue, 20 Jan 2009 20:23:46 -0800 (PST) Received: from ?192.168.4.44? (c-68-35-57-46.hsd1.nm.comcast.net [68.35.57.46]) by mx.google.com with ESMTPS id 22sm15311738wfi.58.2009.01.20.20.23.44 (version=SSLv3 cipher=RC4-MD5); Tue, 20 Jan 2009 20:23:45 -0800 (PST) Message-ID: <4976A344.3090106@gmail.com> Date: Tue, 20 Jan 2009 21:23:32 -0700 From: Tim Judd User-Agent: Thunderbird 2.0.0.19 (Windows/20081209) MIME-Version: 1.0 To: Clifton Royston References: <49762F6C.8040404@comcast.net> <20090120222942.GB26526@lava.net> In-Reply-To: <20090120222942.GB26526@lava.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Akenner , questions@freebsd.org Subject: Re: Edit user groups X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Jan 2009 04:23:47 -0000 Clifton Royston wrote: > On Tue, Jan 20, 2009 at 03:09:16PM -0500, Akenner wrote: > >> Hi, >> >> I'm using FreeBSD 7.1-RELEASE and I have multiple user accounts set up. >> I made about 4 for myself to use and do various testing with, and made >> some for my Wife as well because She knows UNIX better than I do anyway heh. >> >> Anyway, one of the things I forgot about, was that FreeBSD by default >> doesn't allow just anyone to use su. >> > > Good advice given so far (pw is a good tool, direct editing works) but > I'd also suggest you consider installing and using sudo; I always > install it on all of my systems and use it probably 10-20 times as > often as su. > > -- Clifton > > and I recommend against sudo because it's very design is a man-in-the-middle type of scenario, and one typo by the sudo devs can possibly make a mess out of things. I think sudo makes a lazy admin -- too easy to just run in and hit something. I think sudo is a false sense of security. If a user trusts another, and give sudo access, why not give the whole OS to them? Sudo's out there -- don't get me wrong, but you won't catch me dead with a box with sudo installed. I think it's a very misleading tool. And not to say they do -- but what if the devs put in a keygen...do you monitor the sudo source code? And if I remember correctly -- the way sudo gets it's work done is a SUID bit to root. Those are the devil's eggs that hatch and just cause havoc. A rogue CGI calling sudo to do something on the website, buffer overflow (with php!) and you've gotten rooted. No, no -- I hate sudo for it's own doing. It's going to eat itself alive. No flames please.