Somebody call the Wahhhmbulance. This guy is outmoded. How about expanded security permissions for small groups of people in a larger directory? How about PAM auth plugins? How about escalation preventiontion for those same people, PLUS auditing instead of just seeing “root did something dumb”.
I don’t even get why this gent even bothered to wine and complain about this except that he doesn’t “get it”. This has been a solved issue for over 20 years now, and you don’t see large swathes of folks bitching and moaning about sudo at all.
If you need to provide tools that cross security boundaries then […] a small web app is better [than sudo].
A web app? Effin really!!? 🤨
This is the part that confused me most. At the first mention of web apps, I just thought, okay, if you have a web server you can have it run under a service account that can do what it needs to do. Sure. Kind of beside the point, but sure.
Then this came at the end and and I did a double-take. He’s really suggesting a web app as a substitute for sudo in general? Two questions:
- Wat?
- Wut?