:: Re: [DNG] sudo or su?
Author: KatolaZ
Date:  
To: Fernando M. Maresca
CC: dng
Subject: Re: [DNG] sudo or su?
On Sun, May 22, 2016 at 07:22:44AM -0300, Fernando M. Maresca wrote:
>
>
>
> On Sun, May 22, 2016 at 11:08:47AM +0100, KatolaZ wrote:
>
> > My solution has always been to keep users and root *separate*,
> > avoiding sudo altogether, and to ask myself to wear an appropriate
> > "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" (that
> > I keep on my desk) whenever a part of myself has to become root and
> > perform a configuration task. I know that whenever I am wearing the
> > "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" I
> > have to put extra care on whatever I do, since a mistake could cause
> > the regular users of my system (including the other part of myself) to
> > suffer unnecessary pain and disruption.
> >
> > No automagic tool can save you from your own stupidity. You need a
> > system administrator to manage your linux box, and investing a bit of
> > time in training a part of yourself for that task, and 2$ in buying a
> > "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" is
> > really worth the effort, and the price :)
>
> very +1
>
>
> and keep in mind: real men do everything as root and don't make
> backups :)
>
> I think sudo's main advantage is to grant certain administrative
> privileges to junior sysadmins or regular users, without revealing the
> root password.
>


sudo is undeniably handy when administration is shared among several
admins, but in those cases it should be used with extreme care. I know
of real situations when one of the sudoers was allowed to edit
/etc/sudoers, and left the machine unusable by other admins due to a
syntax error in /etc/sudoers...

Again, tools are just tools, and can't be replacements for policy and
knowledge.

If one has to use something like sudo, I prefer the approach of
simpler tools, in the same spirit of "sup"
(https://git.devuan.org/jaromil/sup).

My2Cents

KatolaZ

--
[ Enzo Nicosia aka KatolaZ --- GLUG Catania -- Freaknet Medialab ]
[ me [at] katolaz.homeunix.net -- http://katolaz.homeunix.net -- ]
[ GNU/Linux User:#325780/ICQ UIN: #258332181/GPG key ID 0B5F062F ]
[ Fingerprint: 8E59 D6AA 445E FDB4 A153 3D5A 5F20 B3AE 0B5F 062F ]
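
The lockout described in the message above (a syntax error in /etc/sudoers leaving sudo unusable for every other admin) can be guarded against by checking a candidate rule file with `visudo -cf` before it becomes live. The following is an added example, not part of the original message or of any project it mentions; the function name `install_sudoers_dropin` and the `SUDOERS_CHECK` / `SUDOERS_DIR` overrides are hypothetical, and it assumes the main sudoers file includes `/etc/sudoers.d`.

```shell
#!/bin/sh
# Added example: syntax-check a sudoers drop-in before it goes live, so a typo
# cannot lock every admin out of sudo.
# Assumptions: SUDOERS_CHECK and SUDOERS_DIR are hypothetical overrides for this
# sketch; the defaults use the real "visudo -cf FILE" check and /etc/sudoers.d.
SUDOERS_CHECK="${SUDOERS_CHECK:-visudo -cf}"
SUDOERS_DIR="${SUDOERS_DIR:-/etc/sudoers.d}"

# install_sudoers_dropin CANDIDATE NAME
# returns 0 = installed, 1 = syntax check failed, 2 = bad arguments or I/O error
install_sudoers_dropin() {
    candidate=$1
    name=$2

    # sudo skips drop-in names that contain '.' or end in '~'; refuse them
    # (and path separators) so a rule is never silently ignored or misplaced.
    case $name in
        ''|*.*|*~|*/*) echo "refusing drop-in name: $name" >&2; return 2 ;;
    esac
    [ -r "$candidate" ] || { echo "cannot read $candidate" >&2; return 2; }

    # Stage inside the target directory so the final mv is an atomic rename.
    # The staged name contains a '.', so sudo ignores it while it is unchecked.
    tmp=$(mktemp "$SUDOERS_DIR/.stage-XXXXXX") || return 2
    if ! cat "$candidate" > "$tmp" || ! chmod 0440 "$tmp"; then
        rm -f "$tmp"
        return 2
    fi

    # Only a file that passes the syntax check is moved into place.
    if ! $SUDOERS_CHECK "$tmp" >/dev/null 2>&1; then
        echo "syntax check failed; live policy left untouched" >&2
        rm -f "$tmp"
        return 1
    fi
    mv -f "$tmp" "$SUDOERS_DIR/$name"
}
```

Run as root, for example `install_sudoers_dropin ./ops-rules ops-service`; a rejected candidate never replaces the rules sudo is currently reading.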