Supressing password request from 'sudo'
Christopher Browne
cbbrowne-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Mon Apr 4 00:07:11 UTC 2005
On Apr 3, 2005 1:02 PM, Madison Kelly <linux-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org> wrote:
> William O'Higgins wrote:
> > To use sudo without requiring a password, but something like the
> > following in your sudoers file (with visudo, usually):
> >
> > username ALL=NOPASSWD:/path/to/command
> >
> > That works for me.
>
> In the early days of my program that is exactly what I did. I decided
> though that I wanted to pass the password (from a protected file)
> because I hope that the program will be used by others. For that reason
> I thought that asking people to add 'NOPASSWD' was too insecure.
I don't see the advantage to using the password, here.
If you use the password, that means that for the "other" to be able to
run the program, they have to have YOUR password, and so have the
ability to masquerade as you and to do ANYTHING you can do, as you.
I'd be MUCH more comfortable with granting the other users access to
the particular command "sans password;" while there can be arguments
made to the effect that that's not 'totally secure,' it seems to me
that giving out YOUR password represents a ludicrous breach of
security.
--
http://www3.sympatico.ca/cbbrowne/linux.html
"The true measure of a man is how he treats someone who can do him
absolutely no good." -- Samuel Johnson, lexicographer (1709-1784)
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list