Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add explanation about use of NOPASSWD in security chapter #195

Closed
geerlingguy opened this issue Jan 9, 2020 · 1 comment
Closed

Add explanation about use of NOPASSWD in security chapter #195

geerlingguy opened this issue Jan 9, 2020 · 1 comment

Comments

@geerlingguy
Copy link
Owner

This is from a reader's email:

On p. 284 I was a bit surprised to see the use of NOPASSWD without a discussion of the security implications though. Intuitively, NOPASSWD seems like a bad idea even with the other security measures in place, but I'm not a security expert, so I had to google it. And it seems like it might not be that bad after all:

https://security.stackexchange.com/questions/45712/how-secure-is-nopasswd-in-passwordless-sudo-mode

I'm still not completely sure and I couldn't really find an authoritative best-practice recommendation, but in any case, it seems like something you shouldn't just copy-paste without trying to understand the implications, so it would be great if your book included a short discussion on what it is and why/when it's acceptable to use it from a security point of view :)

I agree that intuitively, using NOPASSWD seems like it could be insecure (and it can be in certain circumstances, you just need to understand the risks/rewards). I would like to at least add a warning aside explaining this so it's more clear.

@geerlingguy
Copy link
Owner Author

I added some warning text in that section with some of the caveats and potential upside to using NOPASSWD. It'll be in the next book revision.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant