Comment Re:SUDO should not even be in Linux (Score 1) 100
Arguably it depends on whether you are expecting sudo to act as a rigid security barrier that you can use to create accounts of intermediate privilege; or whether you are treating it mostly as a tool for people you'd give root to reduce the amount of stuff they actually run as root.
It's pretty tricky to use it as a security barrier, even when it works perfectly, because so many of the tools that you'd potentially want to use sudo to grant access to are not really designed to restrict the user: once you have a package manager running as root you can use it to do basically anything by installing a package that imposes the changes you want; all kinds of utilities can just pop a shell or be used to edit files; etc. Even if sudo itself is free of holes, you'd really need a whole set of deliberately constrained utilities in order to prevent it from being used for privilege escalation. At that point it probably makes more sense to rethink the security model from the other direction, and focus on reducing the number of operations that are root-only in favor of ones that can be delegated to groups.
Where it's much more useful is allowing someone who is basically trusted as root to not just log in as root and run giant chunks of software that don't need (and probably shouldn't be trusted with) high privileges with high privileges just because they logged in as root and so everything they do is running as root.
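An added example, not the commenter's code, of the audit this argument implies: a small Python checker that parses sudoers user-spec lines and flags rules whose delegated command is a package manager, a shell or an editor (the classes the comment says cannot act as a barrier), beside a narrow, argument-pinned alternative that passes. The sudoers fragments and the command-name lists are constructed assumptions, not a complete catalogue.

```python
import os
import re
import shlex
# Command classes the comment singles out (assumed lists, deliberately not exhaustive).
PACKAGE_MANAGERS = {"apt", "apt-get", "dnf", "yum", "pip"}
SHELLS = {"sh", "bash", "zsh"}
EDITORS = {"vi", "vim", "nano"}
SKIP = ("#", "Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")
# User spec line:  user_or_%group  host = (runas)  [TAG:] cmd [, cmd ...]
RULE_RE = re.compile(r"^(?P<who>\S+)\s+(?P<host>\S+)\s*=\s*(?:\([^)]*\)\s*)?(?P<cmds>.+)$")

def parse_rule(line):
    """Return (who, [command specs]) for a user spec line, None for anything else."""
    m = RULE_RE.match(line)
    if m is None or line.startswith(SKIP):
        return None
    # Strip tags such as NOPASSWD: or SETENV: that may precede each command.
    cmds = [re.sub(r"^(?:[A-Z]+:\s*)+", "", c.strip()) for c in m["cmds"].split(",")]
    return m["who"], cmds

def classify(spec):
    """Say why a command spec cannot act as a barrier, or None if it looks narrow."""
    if spec == "ALL":
        return "unrestricted: any command as root"
    name = os.path.basename(shlex.split(spec)[0])
    if name in PACKAGE_MANAGERS:
        return "package manager: installs arbitrary changes as root"
    if name in SHELLS:
        return "shell: equivalent to a root login"
    if name in EDITORS:
        return "editor: edits any file and can spawn a shell"
    return None

def audit(sudoers_text):
    """Return (who, spec, reason) for every rule that fails to constrain the caller."""
    findings = []
    for line in sudoers_text.splitlines():
        parsed = parse_rule(line.strip())
        if parsed is None:
            continue
        who, cmds = parsed
        findings += [(who, c, classify(c)) for c in cmds if classify(c)]
    return findings

# Constructed sudoers fragments: a weak delegation beside a narrow, argument-pinned one.
WEAK = ("%ops ALL=(root) NOPASSWD: /usr/bin/apt-get, /usr/bin/vim /etc/nginx/nginx.conf\n"
        "deploy ALL=(root) /bin/bash\n")
NARROW = ("%ops ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx\n"
          "deploy ALL=(root) /usr/local/sbin/deploy-app --release\n")
```

Running `audit(WEAK)` flags all three delegations, including the editor even though its file argument is pinned, while `audit(NARROW)` returns nothing.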