this post was submitted on 11 Nov 2024
-34 points (22.6% liked)

Linuxsucks

185 readers
38 users here now

Rules:

  1. FOSS advocates and Linux evangelists aren't welcome. -We ask that you block us.
  2. Moderation is heavy handed. Try to stay on topic.
  3. No Complaining Mute the sub if users, content, or rules bother you

founded 1 month ago
MODERATORS
madthumbs@lemmy.world
-34
sudo makes no sense (feddit.org)
submitted 1 week ago by superkret to c/linuxsucks@lemmy.world
30 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] Mjpasta710@midwest.social 3 points 1 week ago (1 children)

Everything you described is possible using sudo, when configured as desired.

Everything you've described is NOT default configuration in Citrix or Windows. I.e. removing local administrative accounts, domain admin accounts with limited permissions and rotating automatically resetting passwords, etc.

I've worked for several enterprises that require UAC password for elevation every time it's needed as the person with elevated permissions (someone who's smarter than the average user) isn't expected to write down their passwords in accessible spaces.

Most enterprises are using third party products to manage the same structure you've described.

You're describing how a lot of enterprises are managing authentication when handled by a person. Not out of the box configuration.

Again, it's a situation that is customized to the usage scenario. What people have suggested you do with your Linux systems.

As noted previously you can configure sudo as desired by the enterprise.

[–] superkret 0 points 1 week ago (1 children)

I actually didn't know that elevation with UAC is a thing in (Windows) enterprise, and am still unsure what attack vector it protects against.
But I do see that it seems to make sense to people more knowledgable than me now.

Thanks for the great interaction, by the way.

[–] Mjpasta710@midwest.social 2 points 1 week ago (1 children)

I actually didn’t know that elevation with UAC is a thing in (Windows) enterprise, and am still unsure what attack vector it protects against.

There are some paranoid environments, and some feel there is a lot to be paranoid about.

But I do see that it seems to make sense to people more knowledgable than me now.

I'm not claiming to know everything or to be more knowledgeable. I'm only hoping to persuade you that sudo has benefits, and should be configured for your needs and policies.

Thanks for the great interaction, by the way.

I'm glad we can interact peacefully. I hope you have a great day or night!

[–] superkret 1 points 1 week ago (1 children)

I hope you have a great day or night!

Actually, no. I just had an emergency alert in on-call service cause there were 3 failed login attempts on one of our fire-walled hosts. 😂

[–] Mjpasta710@midwest.social 2 points 1 week ago

Didn't mean to jinx you. 😂