[ale] Stupid Question Time

arxaaron arxaaron at gmail.com
Sat Feb 4 23:46:22 EST 2012


As follow up to David's excellent explanation of the need for sudo,
folks may be interested in looking over the slides for Michael Potters
extremely informative presentation on the topic:

http://www.replatformtech.com/Services/Downloads/Downloads.html

Michael presented this talk at the May, 2011 ALE Central meeting.
It exposes the depth of sudo as a refined tool for providing security
and access control at a number of different levels.

Michael is also revisiting his "Seat Belts and Airbags for bash"
talk at next Thursday's ALE-NW at SPSU meeting.  Great info
on error trapping and debugging for bash scripts.  Highly
recommended for first time or review.  Detailed notice at
<http://ale.org>, of course.

peace
aaron


On 2012/02/04, at 18:11 , David Tomaschik wrote:

> On Sat, Feb 4, 2012 at 5:54 PM, Michael Nolan  
> <michaeldnolan at gmail.com> wrote:
>> This is more of a follow up concept question...
>>
>> Why, if I used mount manager while in my user account, to mount the
>> drive with the two partitions (and probably had to enter my user
>> password), did it create mount points owned by root?
>>
>> It just makes no (real world) sense to me why, for the sake of
>> security and wisdom of using user accounts, (and not logging in as
>> root)... a command like sudo is even allowed to exist and be  
>> available
>> to the user account.
>>
>> I'm really not looking for an answer here... it's just an observation
>> from someone who is trying to apply logic to something they don't
>> understand, but want and need to.
>
> I think it's a very valid question, and deserves an answer.  Your user
> account can't mount devices, create filesystems (write to raw
> devices), etc.  There are a number of mechanisms by which elevated
> privileges are managed, and sudo is a mechanism for elevating those
> privileges.  In many ways, its similar to UAC on Windows (though long
> predates UAC) in that it gives you an ability to control with which
> privileges commands are run.
>
> Sudo also allows system administrators to control what commands a user
> can run and as what alternate users.
>
> The other oft-used mechanism for elevating privileges is actually
> using an IPC mechanism like D-Bus that allows unprivileged processes
> to "ask" privileged processes to perform tasks on their behalf.
>
> Hope that clarifies things!
>
> David
>
>
>
> -- 
> David Tomaschik
> OpenPGP: 0x5DEA789B
> http://systemoverlord.com
> david at systemoverlord.com
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo



More information about the Ale mailing list