Author: Alessandro Selli
Date:
To: dng
Subject: Re: [DNG] gvfs depends on libsystemd0
On 10/04/2017 at 23:43, Rick Moen wrote:
> Quoting Alessandro Selli (alessandroselli@???):
>
>> You still should use sudo, with a password - the user's own password.
>> Using root password many times, every day, is bad for security (the more
>> times you type it the higher the chances are it will be captured) and it
>> instills the desire of an easy to remember and fast to type password.
> Sorry to say, I do not concur with either these assumptions or the chain
> of reasoning provided. For the most part, I've already said why, so if
> your view on that is different, we can reasonably just agree to
> disagree.
>
> Using a user password as a proxy for the root password is a lot worse
> for security, IMO -- and in fact hugely weakening of overall system
> security because you use it in a variety of other places for
> non-sensitive use-cases,
IMO, using root's password in those same cases is the worst possible
password use case. One thing is your non-privileged user's password
being captured when you mount an external drive, a different thing is
giving away root's password performing the same trivial task.
> but it also has a secondary use to escalate
> privilege to root.
Just like using su does.
> (Also, no, I do _not_ end up su'ing to root many
> times every day or typically more than once in very many days.)
Well, at work I often need to use both my own or fellow colleagues'
drives. But your experience might be well different compared to mine.
> Something would have to be quite unusual to require using the root
> password many times every day, in my experience.
Needing to type it just to mount an external drive increases the
chances it will be used many times when easily avoidable.
> E.g., sometimes people
> forget that many needs can be achieved through suitable group
> membership.
This too would be a better solution than having to use su to just
mount external drives.
> However, as I said to Steve Litt, IMO mounting/umounting
> is, in the general case, security sensitive and ought to be treated with
> caution, which includes not permitting arbitrary mounts/umounts by
> unprivileged users.
This is precisely the reason I suggested using sudo, which allows
fine-tuning who gets to do what as another user.
> (As someone else said, standard mounts can/should
> be automated using autofs, where appropriate.)
This too is much better than having to use su.
> If your views differ, I am glad that works for you.
I actually do not use sudo to mount external drives, just to
cryptsetup then open/close.