Quoth kmself@ix.netcom.com,
> I use a fairly liberal sudoers setting for my personal account. Yes,
> this means that I'm usually only a few keystrokes away from being
> root -- but that's what I'm after. And a password is still required.

I'm of the same opinion with regard to sudo. Basically, if you're the sort of person who never passes your password over the network in plaintext (i.e., ssh, apop, etc.), then it's unlikely someone will be able to sniff your password. If an unprivileged account is compromised, chances are it will be without the password (i.e., a buffer overrun in a daemon running as something like nobody). Even if an attacker is able to get a shell running as your user, they still don't have access to the password file, and if they did, would have to decrypt your password. Without actually knowing your password, which sudo requires, having your account *isn't* equivalent to having root.

Of course, I might have missed something somewhere... Anyone?

cheers,
damon

--
Damon Muller             | Did a large procession wave their torches
Criminologist/Linux Geek | As my head fell in the basket,
http://killfilter.com    | And was everybody dancing on the casket...
PGP (GnuPG): A136E829    | - TBMG, "Dead"