:: Re: [DNG] sudo or su?
Top Page
Delete this message
Reply to this message
Author: KatolaZ
Date:  
To: Didier Kryn
CC: dng
Subject: Re: [DNG] sudo or su?
On Sun, May 22, 2016 at 11:49:24AM +0200, Didier Kryn wrote:

[cut]

>
>     Hi emniger.
> .
>     su allows you to execute any command, and asks root password

>
>     sudo allows the admin to configure with fine grain what users
> and/or lists of users are allowed to execute with or without typing
> their personal password.

>
>     Even if you are the only user of your laptop, you may like to
> have some priviledged commands be executable without typing your
> password. Also, limiting the authorized commands brings you some
> additional level of safety.

>


I have a slightly different view on the matter, indeed :) In a unix
environment there are two kinds of users: "normal" or "regular" users,
and the administrator, or root.

The administrator of the system decides policies and performs system
configuration and monitoring.

If you log into a unix system to do your own work, you are a "regular"
user, and you should not be bothered at all with system configuration
or monitoring.

This is a fairly easy scheme to understand. The problem is that in a
desktop environment, where you are both the only "regular" user and
the "administrator" of your system, the two things might become
entangled.

My solution has always been to keep users and root *separate*,
avoiding sudo altogether, and to ask myself to wear an appropriate
"magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" (that
I keep on my desk) whenever a part of myself has to become root and
perform a configuration task. I know that whenever I am wearing the
"magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" I
have to put extra care on whatever I do, since a mistake could cause
the regular users of my system (including the other part of myself) to
suffer unnecessary pain and disruption.

No automagic tool can save you from your own stupidity. You need a
system administrator to manage your linux box, and investing a bit of
time in training a part of yourself for that task, and 2$ in buying a
"magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" is
really worth the effort, and the price :)

HND

KatolaZ

--
[ Enzo Nicosia aka KatolaZ --- GLUG Catania -- Freaknet Medialab ]
[ me [at] katolaz.homeunix.net -- http://katolaz.homeunix.net -- ]
[ GNU/Linux User:#325780/ICQ UIN: #258332181/GPG key ID 0B5F062F ]
[ Fingerprint: 8E59 D6AA 445E FDB4 A153 3D5A 5F20 B3AE 0B5F 062F ]