I agree, there are different requirements between workstations and multi-user servers. SUDO tends to be more useful on servers. One of the additional tools I like to use with SUDO is sudosh. Sudosh is a "shell" that logs everything, so you can avoid the "admin gets tired of typing sudo in fromt of everything and just spawns a shell" problem. They can spwarn a sudosh, and then do what they need to do, and I can still get an audit log.
Which brings up another point, sudo provides an audit log, and from a forensic inventigation point of view, this is rather handy. Now, this also implies that your logs get sent to another machine which very few people have access to. Again, all this implies that you are running servers, and more than one server at that.
Slashdot Mirror
I agree, there are different requirements between workstations and multi-user servers. SUDO tends to be more useful on servers. One of the additional tools I like to use with SUDO is sudosh. Sudosh is a "shell" that logs everything, so you can avoid the "admin gets tired of typing sudo in fromt of everything and just spawns a shell" problem. They can spwarn a sudosh, and then do what they need to do, and I can still get an audit log. Which brings up another point, sudo provides an audit log, and from a forensic inventigation point of view, this is rather handy. Now, this also implies that your logs get sent to another machine which very few people have access to. Again, all this implies that you are running servers, and more than one server at that.