On 10/04/2017 at 23:43, Rick Moen wrote:
> Quoting Alessandro Selli (alessandroselli@???):
>
>> You still should use sudo, with a password - the user's own password.
>> Using root password many times, every day, is bad for security (the more
>> times you type it the higher the chances are it will be captured) and it
>> instills the desire of an easy to remember and fast to type password.
> Sorry to say, I do not concur with either these assumptions or the chain
> of reasoning provided. For the most part, I've already said why, so if
> your view on that is different, we can reasonably just agree to
> disagree.
>
> Using a user password as a proxy for the root password is a lot worse
> for security, IMO -- and in fact hugely weakening of overall system
> security because you use it in a variety of other places for
> non-sensitive use-cases,

IMO, using root's password in those same cases is the worst possible
password use case. One thing is your non-privileged user's password
being captured when you mount an external drive, a different thing is
giving away root's password performing the same trivial task.

> but it also has a secondary use to escalate
> privilege to root.

Just like using su does.

> (Also, no, I do _not_ end up su'ing to root many
> times every day or typically more than once in very many days.)

Well, at work I often need to use both my own of fellow colleagues'
drives. But your experience might be well different compared to mine.

> Something would have to be quite unusual to require using the root
> password many times every day, in my experience.

Needing to type it just to mount an external drive increases the
chances it will be used many times when easily avoidable.

> E.g., sometimes people
> forget that many needs can be achieved through suitable group
> membership.

This too would be a better solution than having to use su to just
mount external drives.

> However, as I said to Steve Litt, IMO mounting/umounting
> is, in the general case, security sensitive and ought to be treated with
> caution, which includes not permitting arbitrary mounts/umounts by
> unprivileged users.

This is precisely the reason I suggested using sudo, which allows
fine-tuning who gets to do what as another user.

> (As someone else said, standard mounts can/should
> be automated using autofs, where appropriate.)

This too is much better than having to use su.

> If your views differ, I am glad that works for you.

I actually do not use sudo to mount external drives, just to
cryptsetup then open/close.



--
Alessandro Selli <alessandroselli@???>
Tel. 3701355486
VOIP SIP: dhatarattha@???
Chiave PGP/GPG key: B7FD89FD