Thread: Richard Stallman in "power of the rulers"

  1. #1
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    2,158

    Richard Stallman in "power of the rulers"

    Take a look at this: The wheel Group « UNIX Administratosphere

    Does Stallman not realize that users are given control over the computer - for a reason?! You don't fix malicious administrators by taking control of the system away from everybody - you do it by firing them! He's forced this insecure philosophy on us because he's bitter about someone taking advantage of him in the past?!

    I'm thinkin': "where's your brain?"

  2. #2
    Devil's Advocate SlyMaelstrom's Avatar
    Join Date
    May 2004
    Location
    Out of scope
    Posts
    4,079
    Quote Originally Posted by Yarin View Post
    I'm thinkin': "where's your brain?"
    By now his brain is covered in at least 3" thick worth of aluminum foil. ... You know... to keep the closed-source people from invading his brain and stealing his free ideas.
    Sent from my iPad®

  3. #3
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    Absolutely ridiculous, of course. The way he puts it, makes it look like GNU/Linux should be vulnerable to social engineering attacks by design.

    Instead, IMO the wheel group makes little sense in su, since its usage should be prevalent across all users of a system. Using wheel here would stop users not in that group from temporarily trading privileges, for instance. And putting everyone in the wheel group is... the same as not using the wheel group.

    wheel is a lot more useful with sudo, which is clearly root oriented and allows system administrators to work as regular users and avoids certain pitfalls of the su command (like forgetting to exit the shell). It's also very common among single users running their own desktops.

    The article is not clear on a few aspects. Starts by saying wheel is seldom used and keeps on admitting it is widely used. Not sure what the author wants to say. Maybe that indeed wheel has very little use in su, but a lot in sudo.

    As for Stallman remark, it's absolutely ridiculous in the context of a technical reason for not supporting wheel in su (there's nothing technical in all that idiocy). But mostly because obviously nobody gives a rat's arse to Stallman opinion. If there was a real need to support wheel, it would be implemented. End of story. You just don't around distributing a server-capable industry-strength operating systems with a design based on quotes like that.

    In other words, it's a lie. That's not the reason why it isn't supported out of the box. And this is made even more clear when the official documentation makes a point of distancing itself from that text by noting it's a one person statement (su invocation - GNU Coreutils)
    Last edited by Mario F.; 08-31-2010 at 07:41 PM.
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  4. #4
    Master Apprentice phantomotap's Avatar
    Join Date
    Jan 2008
    Posts
    5,108
    Does Stallman not realize that users are given control over the computer - for a reason?!
    Users should have absolutely no control over the computer.

    Users should only have control over the resources they need.

    You don't fix malicious administrators by taking control of the system away from everybody - you do it by firing them!
    WHAT!? You've totally missed the point! He didn't take "control of the system away from everybody"; he gave control of the system to everybody who knew the root password!

    Any user (on a GNU `su' system without the appropriate "PAM" modules active), "wheel" or not, could simply `su' and do whatever they wanted.

    The "wheel" group acted as a barrier, albeit a small one, for a normal user to get root, but the `su' provided by GNU doesn't honor this classic contract.

    He's forced this insecure philosophy on us because he's bitter about someone taking advantage of him in the past?!
    No. He isn't. He can't.

    I doubt anyone simply using a "*nix" box has ever noticed.

    Anyone administering a "*nix" system should know about this (the issue is like twenty years old) and manage the situation appropriately. (Which could be anything from manually changing some permissions to get the same effect, replacing GNU `su' with "Shadow" `su', just using "PAM", or allowing everyone to run with root privileges with clever use of "SELinux".)

    Instead, IMO the wheel group makes little sense in su, since its usage should be prevalent across all users of a system.
    WHAT!?

    The administrator in me just died a little!

    The use of `su' (for root) should be restricted from just about everyone at all times.

    Using wheel here would stop users not in that group from temporarily trading privileges, for instance.
    And allowing users to control their own privileges sounds like a good idea to you?

    It would be a lot faster to just give out the root password.

    What are you trying to do? No. Seriously. What are you trying to do? I want to know. I can almost certainly help.

    wheel is a lot more useful with sudo, which is clearly root oriented and allows system administrators to work as regular users and avoids certain pitfalls of the su command (like forgetting to exit the shell).
    Unlike a lot of "old hat" guys, I really like `sudo', but I have to say, if you are forgetting to reduce your privileges, you are using `su' wrong and the common default configuration of `sudo' (staying "sudoed" for a specific time) will not help you.

    That said, how is "wheel a lot more useful with sudo"? Or are you really just saying that `sudo' is more "user friendly" than `su'? I'd agree with that.

    If there was a real need to support wheel, it would be implemented.
    Correct. There is no need for `su' to support "wheel". There are better tools available to distribute and manage privileges and resources. These tools should be used instead. But, many people coming from other "*nix" systems (OpenBSD would be a favorite) are used to the mechanism and like having it around.

    In other words, the "requirement" for "wheel" support is much like the "reason" GNU `su' doesn't have "wheel" support. They are purely personal and historic artifacts. I guess you could say "philosophical" if you wanted to be nice.

    In other words, it's a lie.
    If I remember my history (I'm sure I do, I'm just to lazy to confirm.), Richard Stallman wrote the first version of GNU `su' so it probably is true that the reason is a personal one.

    But mostly because obviously nobody gives a rat's arse to Stallman opinion.
    *giggle*

    Good joke man! ^_^;

    Soma

  5. #5
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    Quote Originally Posted by phantomotap View Post
    WHAT!?
    Yes, you heard me. su should be available to all users. Shocking!

    The administrator in me just died a little!

    The use of `su' (for root) should be restricted from just about everyone at all times.
    Well, that's because the administrator in you is just looking at su as a means to gain root privileges. Thing is, it's not.

    And allowing users to control their own privileges sounds like a good idea to you?
    Yes, when that means users can su into other users. Something they definitely can't do with sudo.

    That said, how is "wheel a lot more useful with sudo"? Or are you really just saying that `sudo' is more "user friendly" than `su'? I'd agree with that.
    Because sudo is a type of "su to root only", here a wheel group could make sense. sudoers can be defined on a user basis, or in more complex environments, as part of a group; wheel.

    As for hold hats hating sudo... on my "travels" I've come to realize it's mostly them trying to look cool, and failing.
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  6. #6
    Master Apprentice phantomotap's Avatar
    Join Date
    Jan 2008
    Posts
    5,108
    Yes, you heard me. su should be available to all users. Shocking!
    O_o

    Did you hear me? I'll repeat: The use of `su' (for root) should be restricted from just about everyone at all times.

    Well, that's because the administrator in you is just looking at su as a means to gain root privileges. Thing is, it's not.
    You want to know a secret? THAT IS WHAT THE ARTICLE AND THE ISSUE IS ABOUT.

    Yes, when that means users can su into other users. Something they definitely can't do with sudo.
    o_O

    You can't `su' into others users with a tool not designed to do that? Bummer!

    Wait! Wow! You know what you can do? You can execute commands with `sudo' as another user without needing to `su' at all.

    Oh, wait, that's what `sudo' was designed for... silly me.

    Because sudo is a type of "su to root only", here a wheel group could make sense. sudoers can be defined on a user basis, or in more complex environments, as part of a group; wheel.
    O_o

    Do you ever actually read anything anyone posts?

    Or do you just not understand anything?

    Or is this stupidity somehow targeted only at me?

    If your display of stupidity is somehow targeted only at me, please let me know. I'll stop wasting time trying to account for it.

    *shrug*

    I'll try once more, and once more only, to make this issue clear for you.

    The "wheel" group traditionally only controlled who could `su' to root. IT DID NOT CONTROL WHO USED `SU' TO SUBSTITUTE ANOTHER USER ID! (For the record, most administrators did and do prevent any use of `su' by a user as a matter of practice, but that is not the default behavior, and it has nothing to do with the `su' and "wheel" relationship.)

    In other words, any user, who knew the passwords, could use `su' to operate as another use regardless of group privileges. The "wheel" group association only controlled account privileges of `su' to root.

    Soma

  7. #7
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    Phantomap. It's impossible to talk with you. You are constantly aggressive and offensive every time the debate doesn't go the way you intend it to. I'm tired of it. You are just going to my ignore list after this.

    Who the heck said anything about passwords? In the entire thread I haven't used that word once, until now. What makes you think giving access to the su command will immediately give everyone access to the root account.

    Keep talking about the inability of other people to read.
    Last edited by Mario F.; 09-01-2010 at 06:50 AM.
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  8. #8
    Master Apprentice phantomotap's Avatar
    Join Date
    Jan 2008
    Posts
    5,108
    *blink*

    I humbly request that this thread be locked in honour of that last statement.

    Soma

  9. #9
    Registered User
    Join Date
    Sep 2001
    Posts
    4,912
    I humbly request that this thread be locked in honour of that last statement.
    Done, but less because of said statement, and more because I do think there was more sarcastic aggression than is necessary or pleasant. If anyone wants to add something PM me or a moderator to reopen it.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Richard Stallman (gcc) == Rick Rubin (defjam)
    By MK27 in forum A Brief History of Cprogramming.com
    Replies: 11
    Last Post: 05-26-2009, 07:49 PM
  2. Replies: 7
    Last Post: 05-31-2007, 10:14 AM