:: Re: [DNG] sudo or su?
Top Page
Delete this message
Reply to this message
Author: Didier Kryn
Date:  
To: dng
Subject: Re: [DNG] sudo or su?
Le 22/05/2016 12:22, Fernando M. Maresca a écrit :
>
>
> On Sun, May 22, 2016 at 11:08:47AM +0100, KatolaZ wrote:
>
>> My solution has always been to keep users and root *separate*,
>> avoiding sudo altogether, and to ask myself to wear an appropriate
>> "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" (that
>> I keep on my desk) whenever a part of myself has to become root and
>> perform a configuration task. I know that whenever I am wearing the
>> "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" I
>> have to put extra care on whatever I do, since a mistake could cause
>> the regular users of my system (including the other part of myself) to
>> suffer unnecessary pain and disruption.
>>
>> No automagic tool can save you from your own stupidity. You need a
>> system administrator to manage your linux box, and investing a bit of
>> time in training a part of yourself for that task, and 2$ in buying a
>> "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" is
>> really worth the effort, and the price :)
> very +1
>
>
> and keep in mind: real men do everything as root and don't make
> backups :)
>
> I think sudo main advantage is to grant certain administrative
> privileges to junior sysadmin or regular users, without to reveal the
> root password.
>
>

     I use both.


     On hosts with many users and subsystems, I give permissions to 
others to act as (eg) mysql-admin, web-admin, elog-admin, or just 
halt/reboot. I can't do/know everything and must give priviledges to 
others. sudo is fitted for that.


     On my laptop I use su because I'm too lazy to configure sudo, but 
I'm sure I would save time by allowing myself to run ifupdown without 
password.


     Didier