undefined | Better HN

0 pointscbsmith10y ago0 comments

From an accountability standpoint, if each person logs in to the root account directly with a distinct private/public key, you can still have full individual accountability.

I'd think the complexity side of the sudo strategy is self-evident, so perhaps I'm not understanding the part that needs explaining.

0 comments

2 comments · 1 top-level

hackmiester10y ago· 1 in thread

I don't find 'sudo' to be complex at all. If in your situation I would have had the ability to log in as root, in my situation I will be in the 'wheel' group. It seems very straightforward to me.

cbsmithOP10y ago

I think you misunderstand my point. You have increased the complexity of securing the system. You now have each user's login shells, all of the joys of what those login shells touch, the sudo program and its configuration, all added to the attack surface.

j / k navigate · click thread line to collapse