Author: Rick Moen Date: To: dng Subject: Re: [DNG] gvfs depends on libsystemd0
Quoting Alessandro Selli (alessandroselli@???):
> You still should use sudo, with a password - the user's own password.
> Using root password many times, every day, is bad for security (the more
> times you type it the higher the chances are it will be captured) and it
> instills the desire of an easy to remember and fast to type password.
Sorry to say, I do not concur with either these assumptions or the chain
of reasoning provided. For the most part, I've already said why, so if
your view on that is different, we can reasonably just agree to
disagree.
Using a user password as a proxy for the root password is a lot worse
for security, IMO -- and in fact hugely weakening of overall system
security because you use it in a variety of other places for
non-sensitive use-cases, but it also has a secondary use to escalate
privilege to root. (Also, no, I do _not_ end up su'ing to root many
times every day or typically more than once in very many days.)
Something would have to be quite unusual to require using the root
password many times every day, in my experience. E.g., sometimes people
forget that many needs can be achieved through suitable group
membership. However, as I said to Steve Litt, IMO mounting/umounting
is, in the general case, security sensitive and ought to be treated with
caution, which includes not permitting arbitrary mounts/umounts by
unprivileged users. (As someone else said, standard mounts can/should
be automated using autofs, where appropriate.)
If your views differ, I am glad that works for you.