[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: commands as super-user (was: JEdit)

Uttered Karsten Wade <kwade redhat com>, spake thus:

> You lose a layer of security auditing, but make the user's life much
> easier.  Then we can teach either the 'su -' or 'su -c "/bin/bash"'
> methods.

With respect: bosh.  Root login is the ultimate evil.  On a multiuser
system you can't tell which root did what.

But sudo is important on a single-user system because:

1)  "su -c" can introduct some fancy shell quoting requirements.
    Don't peek and tell me where the 'su -c "mkdir ${HOME}/foo"'
    command makes a directory.  Not novice-friendly.

2)  there is no record of what was done by the "su -c" command and
    this makes error recovery more difficult.  I know what I *meant*
    to type, but what did I *actually* type?

3)  Easier to learn the correct habit than unlearn a bad one later.

A single paragraph / appendix what boils down to:

   # echo "${USER} ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers

doesn't seem too onerous.


Attachment: pgpnF6nbdNCIq.pgp
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]