DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security
Reload this Page use sudo(8) or change permission?
FAQ Today's Posts Search

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 10th October 2014
spiderpig spiderpig is offline
Port Guard
  
Join Date: May 2008
Posts: 29
Default use sudo(8) or change permission?
Seeing this guide on relaxing/modifying permissions making USB devices accessible by normal users:

http://daemonforums.org/showthread.p...1579#post51579

I have the following question:

From a security standpoint, is this practice as secure at simply configuring sudo to access such devices? I've always accessed USB devices that way, & always thought that staying close to how the default installation is more prudent...

Opinions and discussion are appreciated!

Thanks!
Reply With Quote
  #2   (View Single Post)  
Old 11th October 2014
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
  
Join Date: May 2008
Location: USA
Posts: 7,983
Default
The use of sudo(8) is not necessarily better or worse. We can misconfigure /etc/sudoers just as easily as we can misconfigure nodes in /dev.

What matters is governance. What authorizations are being controlled? What powers are granted to the authorized user? And, not only do we authorize users.. we authorize applications -- sometimes, without realizing it.

For many years, I placed my administrative accounts in both wheel and operator groups. But I realized, with a little help from sthen@, that I was giving every application I executed the same access to these GIDs.

I no longer give my wheel users access to the operator group. Not directly. They can dump(8) filesystems only after changing userids, which they can do with sudo conveniently. The humans (me, mainly) are trusted. The software they run day-to-day ... not as much.
Last edited by jggimi; 11th October 2014 at 03:34 AM. Reason: Corrected Stuart Henderson's @openbsd.org address
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Do you su or sudo? ocicat General software and network 18 22nd July 2011 06:03 PM
FFS permission issue marc OpenBSD General 2 2nd February 2009 07:31 PM
user permission... lumiwa FreeBSD General 12 30th September 2008 02:28 AM
SUDO Wildcards jcatrysse FreeBSD Security 2 30th June 2008 07:18 AM
Permission denied delboy FreeBSD Ports and Packages 11 24th May 2008 09:26 PM


All times are GMT. The time now is 10:37 PM.

DaemonForums.org RSS Feeds - Contact Us - DaemonForums.org - Archive - Privacy Statement - Top

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick