:: Re: [DNG] sudo or su?
Author: R. W. Rodolico
Date:  
To: dng
Subject: Re: [DNG] sudo or su?
The big thing for me about Ubuntu, etc... is not the fact they use sudo
a lot, it is that by default they do not allow root login at all. If the
/home partition has problems, you must log in as a user, then sudo to
root, then attempt to dismount /home and work on it, which will not work
since /home has files open (since you logged in as a user with a home
directory in /home). So, I have to boot off some other media to do
repair work on /home (or fix the login).

sudo vs su is an interesting decision to make, but not allowing root
login is a matter of too much security to get your job done.

Rod

On 05/22/2016 02:34 AM, Lars Noodén wrote:
> On 05/22/2016 12:38 AM, Paweł Cholewiński wrote:
>> Read this
>> http://unix.stackexchange.com/questions/35338/su-vs-sudo-s-vs-sudo-i-vs-sudo-bash
>>
>>
>> Paweł
>
> That's a good comparison with sound analysis but looks like it tries to
> use sudo just as if it were su. They are very different tools with very
> different use-cases.
>
> There are two main advantages of sudo which almost never get mentioned
> as too many systems *cough*ubuntu*cough*mint*cough* are set up to allow
> 'sudo -i' by default: One advantage of sudo is that control can be
> granted in a highly granular way. Specific programs with only specific
> options can be made available to specific users. Another advantage is
> an all but unknown auditing system which shows which account did or
> tried what and exactly when. See 'sudoreplay' for that.
>
> As far as default settings go, instead of defaulting to
>
> %sudo ALL=(ALL:ALL) ALL
>
> I'd raise the bar, with a default sudoers something like this:
>
>   %sudo ALL=(ALL) /usr/bin/apt-get update, \
>         /usr/bin/apt-get install [A-Za-z0-9][A-Za-z0-9-]*, \
>         /usr/bin/apt-get remove [A-Za-z0-9][A-Za-z0-9-]*, \
>         /usr/bin/apt-get autoremove, /usr/sbin/visudo ""
>
> Maybe in a future version of Devuan, some changes to sudoers can be
> considered.
>
> Michael W Lucas has had very useful presentations on sudo:
>
>     https://www.bsdcan.org/2014/schedule/attachments/283_2014-04-29%20sudo%20tutorial%20-%20bsdcan%202014.pdf
>
>     https://www.youtube.com/watch?v=o0purspHg-o
>
> but his book 'Sudo Mastery' is even more useful. IMHO it's not that
> sudo is any harder than most other utilities, it's just that common
> misuse has gotten the herd heading off in the wrong direction.
>
> regards,
> /Lars


--
Rod Rodolico
Daily Data, Inc.
POB 140465
Dallas TX 75214-0465
214.827.2170
http://www.dailydata.net
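
Added example, not part of the original thread: sudoers(5) matches command-line arguments as a single concatenated string, so a `*` in the apt-get rule quoted above can match across word boundaries. This Python sketch models that with `fnmatch` (an approximation of sudo's fnmatch(3) matching) and compares it with a hypothetical per-argument check; the helper names and sample command lines are constructed for illustration.

```python
import fnmatch
import re

# Argument globs from the rule quoted above (text after /usr/bin/apt-get).
RULE_ARGS = ["update", "install [A-Za-z0-9][A-Za-z0-9-]*",
             "remove [A-Za-z0-9][A-Za-z0-9-]*", "autoremove"]

# Hypothetical stricter policy for comparison: each word after the
# sub-command must itself be a plain package name.
PACKAGE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]*")

def sudoers_glob_allows(argv):
    """Model sudoers glob matching: arguments are joined with single
    spaces and matched as one string, so '*' can span several words."""
    joined = " ".join(argv)
    return any(fnmatch.fnmatchcase(joined, pat) for pat in RULE_ARGS)

def per_word_allows(argv):
    """Stricter check: validate each argument separately."""
    if argv in (["update"], ["autoremove"]):
        return True
    if len(argv) >= 2 and argv[0] in ("install", "remove"):
        return all(PACKAGE_NAME.fullmatch(a) for a in argv[1:])
    return False

def audit(samples):
    """Command lines the glob rule accepts but the per-word check rejects."""
    return [s for s in samples
            if sudoers_glob_allows(s) and not per_word_allows(s)]

# Constructed sample invocations (arguments after /usr/bin/apt-get).
SAMPLES = [
    ["update"], ["upgrade"],
    ["install", "vim"], ["install", "vim", "emacs"],
    ["install", "vim", "--reinstall"], ["install", "-y", "vim"],
    ["remove", "vim.tiny"],
]

if __name__ == "__main__":
    for argv in audit(SAMPLES):
        print("glob accepts, per-word rejects:", " ".join(argv))
```

Running a candidate sudoers argument pattern through a check like this before deploying it shows whether the character classes constrain every word or only the first two characters.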