[linux-help] Re: 'chroot' help.

[Jeff <schaller@xxxxxxxxxxxxx>]

On Sun, 21 May 2000, Michael Holmes wrote:

> > Ahhh, sorry to confuse you more with 'sudo'. On my system, I can't
> > run 'chroot' as a user; that is, I can execute it, but it says
> > "Operation not permitted", so I used the sledgehammer of root.
> > What sudo basically does is run the given command with root
> > permissions; it's similar to "su root -c ...", only you don't have
> > to know the root password.  So, try just removing the 'sudo' part
> > of all the commands I gave.
> >
> NOW THIS MAKES ME NERVOUS!!  What if I want to hack your system; what,  with
> sudo I do not have to know your passwords?  :-(

Well, you'd have to know my password. Sudo will prompt you for
your password; there are options to have it 'cache' that for a
period of time, though. I also configured it with --tty-tickets,
which means that cache is only valid for the tty it was run on.

So even if you found a console where I was logged in, you'd
/still/ have to know my password in order to 'sudo' run anything.

Otherwise, you still would have to know to attack my non-root
account, and then once you find my password, to run sudo.

I think sudo is a nice tool in that it lets you distribute root
access in a fine-tuned way. It also logs every command, unlike
a simple "su root", which will tell you who and when, but not
what.

Now granted, if you don't trust people you're giving sudo access
to, that's a different problem.


-jeff, it's before 8am isn't it
-- 
Another possible source of guidance for teenagers is TV, but TV's message
has always been that the need for truth, wisdom and world peace pales by
comparison with the need for a toothpaste that offers whiter teeth *and*
fresher breath. -- Dave Barry, "Kids Today: They Don't Know Dum Diddly Do"


-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi