saulgoode wrote:
The main purpose of sudo...
I consider the purpose of a tool to be the core function of the tool, what the tool actually does, the action it performs.
How someone uses a tool and/or what they use the tool for is simply use case scenarios. Any function beyond the core function has to do with configuration and options.
But I misspoke, I should of said it's main purpose (function) is to allow users to run commands as another user. I used a use case to represent the basic function and it was a poor choice as it also represents more function than the main one.
saulgoode wrote:
The main purpose of sudo was to facilitate the task of administering Unix systems, particularly in larger enterprise environments.
That describes how someone might use the tool.
Providing well defined, limited access rights to certain programs was part of this -- you might want to give a technician tasked with doing weekly backups access to the tape drives and updating the logs, but not provide him access to the employment records of everybody in the company.
Another way.
Another (important) part of sudo's utility -- and this is where the ALL and NOPASSWORD keywords come into play -- was in simplifying the task of running an IT staff comprising multiple administrator accounts, without all staff members sharing the same account and password. Sudo makes it quite trivial to add and remove fully-privileged administrators in such a scenario. Nota bene, these were to be dedicated administrator accounts and only intended to be logged into while performing administrative activities.
Another.
I personally think it entirely accurate to characterize the granting of ALL privileges to an account that is otherwise being used for normal, regular-user computing activities to be a "bastardization" of the original purpose of sudo, and doing so with a NOPASSWORD option to be downright foolhardy.
I am glad we agree regarding the risk of the NOPASSWD option. As I stated earlier I consider installing sudo to be somewhat foolhardy(risky), not configuring it to be more secure than it is by default to be foolhardy(risky), and using the NOPASSWD option to be foolhardy(risky). I guess I am the more security concious user here. To do any of those increases risk. To not do the second one is as risky as the third since you would be unaware of any dangerous defaults and it would, at least after use of sudo, be operating as if the NOPASSWD option had been used until the timeout expired.
That being said I have no issue with anyone assuming any of these risks. It isn't my place to do so. Now if they were to recommend/suggest/encourage someone else to take a risk, then I would feel free to recommend/suggest/encourage otherwise.
Now you are speaking of ORIGINAL purpose? Was that a slip of the keyboard or did you mean to differentiate that from your earlier use of the phrase "main purpose"?
How can it be bastardization if the feature/option is programmed by the developer? When you configure other utilites do you also consider that to be bastardization as well? When you use options that are programmed into software are you bastardizing it as well? Because that is all this is about is options and configurations. The developer/contributer programmed it this way. You are saying that using a programs options is bastardization?
To me the only way to truly bastardize software would be to modify source in order to change it so that it does something different that what was programmed originally. In that way you would be corrupting, debaseing, changing the purpose and that would be bastardization.
TobiSGD wrote:
Funnily, this argument works in the same way the other way around, and even better. If the main purpose of sudo would have been to simply allow users to run system commands without having the root password the original authors simply would have omitted to implement all the complicated stuff about restricting access to certain programs. They would have simply implemented the ALL option and were done.
As previously mentioned, I misspoke. I should of said it's main purpose (function) is to allow users to run commands as another user. In the heatof the moment I used a use case to represent the basic function and it was a poor choice as it also represents more function than the main one.