Giving remaja (teens) group full administrator privileges through sudo - dangerous?


Bagas Sanjaya

Hello all Debian Users,

Consider the hypothetical scenario below.

I often encountered cases on systems in television stations when they configured sudoers like this snippet below:

%remaja ALL=(ALL:ALL) ALL

The rationale for the above is that most programs on such systems can only be accessed via sudo by users who are members of the remaja (teens) group, so their sysadmins give the remaja user group full administrator privileges. Is it dangerous?

Regards, Bagas


Re: Giving remaja (teens) group full administrator privileges through sudo - dangerous?

john doe-6
On 6/19/2019 6:06 AM, Bagas Sanjaya wrote:

> Hello all Debian Users,
>
> Consider the hypothetical scenario below.
>
> I often encountered cases on systems in television stations when they
> configured sudoers like this snippet below:
>
> %remaja ALL=(ALL:ALL) ALL
>
> The rationale for above is most programs on such systems can only be
> accessed by users which are member of remaja (teens) group via sudo, so
> their sysadmins giving remaja user group full administrator privileges.
> Is it dangerous?
>

We can't answer this, the pros and cons are to be weighed.

--
John Doe


Re: Giving remaja (teens) group full administrator privileges through sudo - dangerous?

tomas@tuxteam.de
In reply to this post by Bagas Sanjaya
On Wed, Jun 19, 2019 at 11:06:59AM +0700, Bagas Sanjaya wrote:

> Hello all Debian Users,
>
> Consider the hypothetical scenario below.
>
> I often encountered cases on systems in television stations when
> they configured sudoers like this snippet below:
>
> %remaja ALL=(ALL:ALL) ALL
>
> The rationale for above is most programs on such systems can only be
> accessed by users which are member of remaja (teens) group via sudo,
> so their sysadmins giving remaja user group full administrator
> privileges. Is it dangerous?
Yes, but danger's what makes life fun, after all :-)

The most important part would be to explain to the group's members what
this means. As a close second, frequent backups.

Of course, if it's an otherwise vital system extra care would be needed
(a backup system or similar).

There's no reason why teens shouldn't be good sysadmins, and you gotta
start learning at some point. It's definitely a Good Thing they don't
grow up as "just" passive smartphone consumers!

Cheers
-- t


Re: Giving remaja (teens) group full administrator privileges through sudo - dangerous?

Carl Fink-6
In reply to this post by Bagas Sanjaya
On 6/19/19 12:06 AM, Bagas Sanjaya wrote:

>
> Hello all Debian Users,
>
> Consider the hypothetical scenario below.
>
> I often encountered cases on systems in television stations when they
> configured sudoers like this snippet below:
>
> %remaja ALL=(ALL:ALL) ALL
>
> The rationale for above is most programs on such systems can only be
> accessed by users which are member of remaja (teens) group via sudo,
> so their sysadmins giving remaja user group full administrator
> privileges. Is it dangerous?
>
> Regards, Bagas
>
That is almost as bad as having no security restrictions at all. The
correct thing to do would be to set permissions on the programs to
allow them to be run by group remaja.

I don't say this often. I would immediately fire the person
responsible for instituting this policy on a "production" system. (It
would be a good policy if the system is intended as an educational
environment to allow the teens to ruin things, and learn from
experience.)
--
Carl Fink
[hidden email]


Re: Re: Giving remaja (teens) group full administrator privileges through sudo - dangerous?

Bagas Sanjaya

> That is almost as bad as having no security restrictions at all. The
> correct thing to do would be to set permissions on the programs to
> allow them to be run by group remaja.

What I thought is that the correct way is to configure sudoers so that the remaja group can access programs that they absolutely require via sudo (e.g. mount for mounting USB sticks).

> I don't say this often. I would immediately fire the person
> responsible for instituting this policy on a "production" system. (It
> would be a good policy if the system is intended as an educational
> environment to allow the teens to ruin things, and learn from
> experience.)

In fact, many television stations have most programs written for teens (age 13 and older), so sysadmins there configure sudoers which allows teens to behave like sysadmins themselves (by giving them full administrator privileges) on their production systems. Also, parental monitoring and guidance can reduce the likelihood of teens breaking such systems. Maybe because teens are the largest market share for TVs.


Re: Giving remaja (teens) group full administrator privileges through sudo - dangerous?

Richard Hector
On 20/06/19 4:56 PM, Bagas Sanjaya wrote:

>> That is almost as bad as having no security restrictions at all. The
>> correct thing to do would be to set permissions on the programs to
>> allow them to be run by group remaja.
> What I thought that the correct way is to configure sudoers so that
> remaja group can access programs that they absolutely required via sudo
> (e.g. mount for mounting USB sticks).
>
>> I don't say this often. I would immediately fire the person
>> responsible for instituting this policy on a "production" system. (It
>> would be a good policy if the system is intended as an educational
>> environment to allow the teens to ruin things, and learn from
>> experience.)
> In fact, many television stations have most programs written for teens
> (age 13 and older), so sysadmins there configure sudoers which allows
> teens to behave like sysadmins themselves (by giving them full
> administrator privileges) on their production systems. Also, parental
> monitoring and guidance can reduce likelihood of teens breaking such
> systems. Maybe because teens are largest marketshare for TVs.
>
I think we (or at least I) must be missing some context here. For
starters, this must be some specific group of teenagers. And I'm sure
they're not given permission to take over running the whole TV station.

Is this some specific educational environment? Or is it a TV station
specifically intended to be run by and for teenagers? Something else?

Richard



Re: Re: Giving remaja (teens) group full administrator privileges through sudo - dangerous?

Bagas Sanjaya

> I think we (or at least I) must be missing some context here. For
> starters, this must be some specific group of teenagers. And I'm sure
> they're not given permission to take over running the whole TV station.
>
> Is this some specific educational environment? Or is it a TV station
> specifically intended to be run by and for teenagers? Something else?

Richard Hector ([hidden email]), I am considering the case of (production) systems on TV stations for general audiences, that is, TV stations that are watched by all audiences, not just teens. As long as someone is aged 13 or older, he/she is a teenager. The remaja user group is for anyone whose age is 13 or older. My concern here is whether giving teens full administrator privileges on those production systems can be dangerous/vulnerable or not, given the fact that psychologically they are very unstable.


Re: Giving remaja (teens) group full administrator privileges through sudo - dangerous?

Curt
On 2019-06-20, Bagas Sanjaya <[hidden email]> wrote:

>
>> I think we (or at least I) must be missing some context here. For
>> starters, this must be some specific group of teenagers. And I'm sure
>> they're not given permission to take over running the whole TV station.
>>
>> Is this some specific educational environment? Or is it a TV station
>> specifically intended to be run by and for teenagers? Something else?
> Richard Hector ([hidden email]), I am considering the case of
> (production) systems on TV stations for general audiences, that is TV
> stations that is watched by all audiences, not just teens. As long as
> someone is aged 13 or older, he/she is teenager. The remaja user group

Normally the teenage category has both a lower and an upper limit, the
latter being 19.

> is for anyone that his/her age is 13 or older. My concern here is
> whether giving teens full administrator privileges on those production
> systems can be dangerous/vulnerable or not, in fact that psychologically
> they are very unstable.
>

If you're giving your psychologically unstable remajas full
administrative privileges you are effectively giving them root; sudo
affords the ability to fine-tune the accorded rights in such a way as to
limit the amount and nature of the havoc your adolescent sudoers may
eventually raise (when and if they do go bonkers).
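
The difference Curt describes between effectively giving root and fine-tuning the accorded rights can be checked mechanically. The following Python script is an added example, not code from any poster in this thread: it classifies each sudoers rule as blanket or scoped. The `%remaja` line is the rule quoted in the thread; the other groups, the `USBMOUNT` alias and all paths in the sample are constructed, and the parser assumes one user specification per line and does not follow include directives.

```python
import re

# Constructed sample (not from a real system). The %remaja line is the rule
# quoted in the thread; every other group, alias and path is hypothetical.
SAMPLE_SUDOERS = r"""
# /etc/sudoers.d/station (constructed)
Defaults env_reset
Cmnd_Alias USBMOUNT = /usr/bin/mount /dev/sdb1 /media/usb, \
                      /usr/bin/umount /media/usb
root     ALL=(ALL:ALL) ALL
%remaja  ALL=(ALL:ALL) ALL
%interns ALL=(root) NOPASSWD: USBMOUNT
%editors ALL=(root) ALL, !/usr/bin/passwd
"""

NON_RULE = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias")
# who  hosts = (runas) commands   (assumption: one user spec per line)
SPEC = re.compile(r"^(\S+)\s+([^=]+?)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")


def logical_lines(text):
    """Join backslash continuations, then drop blank and comment lines."""
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):  # also skips #include lines
            yield line


def split_cmds(body):
    """Split a comma-separated command list (escaped commas not handled)."""
    return [c.strip() for c in body.split(",") if c.strip()]


def audit(text):
    """Return (principal, runas, level, notes) for each non-root rule."""
    aliases, findings = {}, []
    for line in logical_lines(text):
        if line.startswith("Cmnd_Alias"):
            name, _, body = line[len("Cmnd_Alias"):].partition("=")
            aliases[name.strip()] = split_cmds(body)
            continue
        if line.startswith(NON_RULE):
            continue
        m = SPEC.match(line)
        if not m:
            # Never drop a line silently: surface it for manual review.
            findings.append((line, "-", "unparsed", []))
            continue
        who, _hosts, runas, body = m.groups()
        if who == "root":
            continue
        tags, cmds = set(), []
        for cmd in split_cmds(body):
            t = TAGS.match(cmd)
            if t:  # e.g. "NOPASSWD: " in front of the command
                tags.update(x.strip() for x in t.group().split(":") if x.strip())
                cmd = cmd[t.end():]
            cmds.extend(aliases.get(cmd, [cmd]))  # expand Cmnd_Alias names
        blanket = "ALL" in cmds  # any command at all: effectively root
        notes = []
        if blanket and any(c.startswith("!") for c in cmds):
            # sudoers(5) notes that subtracting commands from ALL with '!'
            # is generally not effective, so the rule still counts as blanket.
            notes.append("deny-list on ALL")
        if "NOPASSWD" in tags:
            notes.append("NOPASSWD")
        findings.append((who, runas or "root",
                         "blanket" if blanket else "scoped", notes))
    return findings


if __name__ == "__main__":
    for who, runas, level, notes in audit(SAMPLE_SUDOERS):
        print(f"{who:10} runas={runas:8} {level:8} {', '.join(notes)}")
```

On a live system, `visudo -c` validates the syntax and `sudo -l -U <user>` shows the rules sudo itself resolves for a given user, which is the authoritative view.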


Re: Giving remaja (teens) group full administrator privileges through sudo - dangerous?

Carl Fink-6
In reply to this post by Bagas Sanjaya

On 6/20/19 12:56 AM, Bagas Sanjaya wrote:
>
>> That is almost as bad as having no security restrictions at all. The
>> correct thing to do would be to set permissions on the programs to
>> allow them to be run by group remaja.
> What I thought that the correct way is to configure sudoers so that
> remaja group can access programs that they absolutely required via
> sudo (e.g. mount for mounting USB sticks).
I would instead make the specific programs the students/teens should be
using executable by them without needing sudo. Linux permissions make
this very straightforward.

>
>> I don't say this often. I would immediately fire the person
>> responsible for instituting this policy on a "production" system. (It
>> would be a good policy if the system is intended as an educational
>> environment to allow the teens to ruin things, and learn from
>> experience.)
> In fact, many television stations have most programs written for teens
> (age 13 and older), so sysadmins there configure sudoers which allows
> teens to behave like sysadmins themselves (by giving them full
> administrator privileges) on their production systems. Also, parental
> monitoring and guidance can reduce likelihood of teens breaking such
> systems. Maybe because teens are largest marketshare for TVs.
OK, which meaning of "program" are you using here? In American (and UK)
English, it can mean either "set of instructions that run on a computer"
or "television entertainment item." You seem to be using it both ways in
this message or confusing the two.

--
Carl Fink
[hidden email]


Re: Giving remaja (teens) group full administrator privileges through sudo - dangerous?

rhkramer
In reply to this post by Bagas Sanjaya
On Thursday, June 20, 2019 02:57:18 AM Bagas Sanjaya wrote:

> > I think we (or at least I) must be missing some context here. For
> > starters, this must be some specific group of teenagers. And I'm sure
> > they're not given permission to take over running the whole TV station.
> >
> > Is this some specific educational environment? Or is it a TV station
> > specifically intended to be run by and for teenagers? Something else?
>
> Richard Hector ([hidden email]), I am considering the case of
> (production) systems on TV stations for general audiences, that is TV
> stations that is watched by all audiences, not just teens. As long as
> someone is aged 13 or older, he/she is teenager. The remaja user group
> is for anyone that his/her age is 13 or older. My concern here is
> whether giving teens full administrator privileges on those production
> systems can be dangerous/vulnerable or not, in fact that psychologically
> they are very unstable.

I guess I don't understand either, and I'd like to.  I'm guessing the teens in
question work for (or are interns at) the station -- they are not TV viewers
on some sort of interactive TV which they can control (to some extent) from
home?


Re: Re: Giving remaja (teens) group full administrator privileges through sudo - dangerous?

Bagas Sanjaya
In reply to this post by Carl Fink-6
Carl ([hidden email]) said:

> OK, which meaning of "program" are you using here? In American (and UK) English, it can mean either "set of instructions that run on a computer" or "television entertainment item." You seem to be using it both ways in this message or confusing the two.

In this case, "program" means "instructions that run on a computer", or "software".

In the hypothetical scenario I described at the start of this thread, I imagine that TV programs run by TV stations can be thought of as computer programs in the TV station's production systems.

> I would instead make the specific programs the students/teens should be using executable by them without needing sudo. Linux permissions make this very straightforward.

I mean:

# chown root:remaja /opt/teen-programs/bin/* && chmod 755 /opt/teen-programs/bin/*

But in this thread we're considering the case where most age-restricted programs can only be run using sudo, that is, such programs can only be run by root or using sudo.

Re: Giving remaja (teens) group full administrator privileges through sudo - dangerous?

Gene Heskett-4
On Thursday 20 June 2019 08:30:57 Bagas Sanjaya wrote:

> Carl ([hidden email]) said:
> > OK, which meaning of "program" are you using here? In American (and
> > UK) English, it can mean either "set of instructions that run on a
> > computer" or "television entertainment item." You seem to be using
> > it both ways in this message or confusing the two.
>
> In this case, "program" means "instructions that run on a computer",
> or "software".
>
> In hypothetical scenario as I described in the starting of this
> thread, I imagine that TV programs run by TV stations can be thought
> as computer programs in TV station's production systems.
>
> > I would instead make the specific programs the students/teens should
> > be using executable by them without needing sudo. Linux permissions
> > make this very straightforward.
>
> I mean:
>
> # chown root:remaja /opt/teen-programs/bin/* && chmod 755
> /opt/teen-programs/bin/*
>
> But we're considering in this thread when most age-restricted programs
> can only be run using sudo, that is, such programs can only be run by
> root or using sudo.

As a retired Chief Engineer, one of my duties was also the holder of a
letter designating me as the Chief Operator of that tv station.
So one of my duties was seeing to it that the rules as published in 47
CFR that applied to both the technical operations, and the legal things
were enforced. A subscription to that 47 CFR from the GPO, can be a very
wise expense.  Not knowing something in it is a null/void defense.  
Cover your ass in other words.

What you want to do opens a pandora's box of stuff these teenagers might
like to see aired.  That means putting their stuff in a permissions
sandbox that only the chief operator has rights to move the materiel out
of that sandbox into the broadcast queue. IOW, someone with that letter
of authority must exist, and the FCC gives him/her that veto power
because he/she is also the person they'll monetarily fine at $27,000 per
instance when something airs that shouldn't.

And there are several categories of no-no's. Payola schemes by the
General Sales Manager, backed by the General Manager himself got shut
down by me. They went to the owner to get me fired, and he told them to
go pound sand, I was saving lots of money. That GM got a surprise visit
from the corporate bookkeeper, and was escorted out on 15 minutes notice
to collect his personal stuff by a deputy for cooking the books.

Anyway, what you want to do to facilitate their creativity still needs a
final approval by someone with that letter giving them the power to say
no.  And likely an IT guy smart enough to stay ahead of their attempts
to climb that fence.

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>


Re: Giving remaja (teens) group full administrator privileges through sudo - dangerous?

Carl Fink-6
On 6/20/19 12:36 PM, Gene Heskett wrote:

> On Thursday 20 June 2019 08:30:57 Bagas Sanjaya wrote:
>
>> In hypothetical scenario as I described in the starting of this
>> thread, I imagine that TV programs run by TV stations can be thought
>> as computer programs in TV station's production systems.
>>
>>> I would instead make the specific programs the students/teens should
>>> be using executable by them without needing sudo. Linux permissions
>>> make this very straightforward.
>> I mean:
>>
>> # chown root:remaja /opt/teen-programs/bin/* && chmod 755
>> /opt/teen-programs/bin/*
>>
>> But we're considering in this thread when most age-restricted programs
>> can only be run using sudo, that is, such programs can only be run by
>> root or using sudo.
> As a retired Chief Engineer, one of my duties was also the holder of a
> letter designating me as the Chief Operator of that tv station.
> So one of my duties was seeing to it that the rules as published in 47
> CFR that applied to both the technical operations, and the legal things
> were enforced. A subscription to that 47 CFR from the GPO, can be a very
> wise expense.  Not knowing something in it is a null/void defense.
> Cover your ass in other words.
>
> What you want to do opens a pandora's box of stuff these teenagers might
> like to see aired.  That means putting their stuff in a permissions
> sandbox that only the chief operator has rights to move the materiel out
> of that sandbox into the broadcast queue. IOW, someone with that letter
> of authority must exist, and the FCC gives him/her that veto power
> because he/she is also the person they'll monetarily fine at $27,000 per
> instance when something airs that shouldn't.

(Lots of snipping above.)

You seem to be assuming that Mr. Sanjaya is in the USA. While that is
not impossible, given the Javanese name and non-USA usage of English, I
suspect that it is not correct.
--
Carl Fink
[hidden email]


Re: Re: Giving remaja (teens) group full administrator privileges through sudo - dangerous?

Bagas Sanjaya
Carl Fink wrote:

> You seem to be assuming that Mr. Sanjaya is in the USA. While that is not impossible, given the Javanese name and non-USA usage of English, I suspect that it is not correct.

In Indonesia, the case resembles the hypothetical case in this thread, where sysadmins in TV stations don't care about the least privilege security principle and they gave teens full root privileges, because most programs are for teens.

Re: Giving remaja (teens) group full administrator privileges through sudo - dangerous?

Gene Heskett-4
In reply to this post by Carl Fink-6
On Friday 21 June 2019 15:41:00 Carl Fink wrote:

> On 6/20/19 12:36 PM, Gene Heskett wrote:
> > On Thursday 20 June 2019 08:30:57 Bagas Sanjaya wrote:
> >> In hypothetical scenario as I described in the starting of this
> >> thread, I imagine that TV programs run by TV stations can be
> >> thought as computer programs in TV station's production systems.
> >>
> >>> I would instead make the specific programs the students/teens
> >>> should be using executable by them without needing sudo. Linux
> >>> permissions make this very straightforward.
> >>
> >> I mean:
> >>
> >> # chown root:remaja /opt/teen-programs/bin/* && chmod 755
> >> /opt/teen-programs/bin/*
> >>
> >> But we're considering in this thread when most age-restricted
> >> programs can only be run using sudo, that is, such programs can
> >> only be run by root or using sudo.
> >
> > As a retired Chief Engineer, one of my duties was also the holder of
> > a letter designating me as the Chief Operator of that tv station. So
> > one of my duties was seeing to it that the rules as published in 47
> > CFR that applied to both the technical operations, and the legal
> > things were enforced. A subscription to that 47 CFR from the GPO,
> > can be a very wise expense.  Not knowing something in it is a
> > null/void defense. Cover your ass in other words.
> >
> > What you want to do opens a pandora's box of stuff these teenagers
> > might like to see aired.  That means putting their stuff in a
> > permissions sandbox that only the chief operator has rights to move
> > the materiel out of that sandbox into the broadcast queue. IOW,
> > someone with that letter of authority must exist, and the FCC gives
> > him/her that veto power because he/she is also the person they'll
> > monetarily fine at $27,000 per instance when something airs that
> > shouldn't.
>
> (Lots of snipping above.)
>
> You seem to be assuming that Mr. Sanjaya is in the USA. While that is
> not impossible, given the Javanese name and non-USA usage of English,
> I suspect that it is not correct.

That's entirely possible Carl, so you could well be correct, but after the
war, they borrowed very heavily from us for their own com rules, so even
now I wouldn't expect huge deviations from our rules. The final answer
should come from whatever document they maintain that is the equ of our
47 CFR.  And even if I had access to it, I read very very little
Japanese, most of that from the engrish translations of Sony manuals.

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>


Re: Re: Giving remaja (teens) group full administrator privileges through sudo - dangerous?

deloptes-2
In reply to this post by Bagas Sanjaya
Bagas Sanjaya wrote:

> In Indonesia, the case resemble hypothetical case in this thread, where
> sysadmins in TV station doesn't care about least privilege security
> principle and they gave teens full root privileges, for most programs are
> for teens.

What a BS! This comes from Windoz for sure.

The question is contradiction in itself. As soon as you give full access to
anybody, you are out of control and you lose. And yes it is dangerous.

I don't see the point in the discussion. In fact if it is a teen or someone
else does not make any difference.




Re: Giving remaja (teens) group full administrator privileges through sudo - dangerous?

Curt
In reply to this post by Gene Heskett-4
On 2019-06-22, Gene Heskett <[hidden email]> wrote:

>>
>> You seem to be assuming that Mr. Sanjaya is in the USA. While that is
>> not impossible, given the Javanese name and non-USA usage of English,
>> I suspect that it is not correct.
>
> That's entirely possible Carl, so you could well be correct, but after the
> war, they borrowed very heavily from us for their own com rules, so even
> now I wouldn't expect huge deviations from our rules. The final answer
> should come from whatever document they maintain that is the equ of our
> 47 CFR.  And even if I had access to it, I read very very little
> Japanese, most of that from the engrish translations of Sony manuals.

Not Japanese, but *Javanese*. Remaja is Javanese (derived from Indonesian, I
think) for teenager, who apparently are a PITA world-wide, which is
somehow comforting.

> Cheers, Gene Heskett



Re: Re: Re: Giving remaja (teens) group full administrator privileges through sudo - dangerous?

Bagas Sanjaya
In reply to this post by deloptes-2

> What a BS! This comes from Windoz for sure.

I don't know. Since 2013 most programs (GUI applications) there (TV stations systems) display a watermark which states that those are for teens (optionally with parental guidance). So children have to wait until 13 in order to fully make use of those systems.

> I don't see the point in the discussion. In fact if it is a teen or someone
> else does not make any difference.

I'm talking about (production) systems on which teens are allowed to do most (administrative?) tasks with sudo, which are analogous to letting them watch TV programs designed for them, which are the majority of programs offered by TV stations in real life.

Re: Giving remaja (teens) group full administrator privileges through sudo - dangerous?

Thomas Schmitt
In reply to this post by Curt
Hi,

Curt wrote:
> [...] teenager, who apparently are a PITA world-wide

Especially for the carbon dioxide producers. :))

> which is somehow comforting.

Yeah. Our past enthusiasm did not vanish. It's just with somebody else now.


Have a nice day :)

Thomas


Re: Re: Giving remaja (teens) group full administrator privileges through sudo - dangerous?

tomas@tuxteam.de
In reply to this post by deloptes-2
On Sat, Jun 22, 2019 at 04:21:57AM +0200, deloptes wrote:

> Bagas Sanjaya wrote:
>
> > In Indonesia, the case resemble hypothetical case in this thread, where
> > sysadmins in TV station doesn't care about least privilege security
> > principle and they gave teens full root privileges, for most programs are
> > for teens.
>
> What a BS! This comes from Windoz for sure.
>
> The question is contradiction in itself. As soon as you give full access to
> anybody, you are out of control and you lose. And yes it is dangerous.
I strongly disagree. Trust is a social issue, not a technical one. So,
IMHO, you have to approach it by social means.

Technical "fences" are just a tool -- but how you use that tool must be
clear well before you take it out of the cupboard.

Cheers
-- t
