Root login

[Raphaël Pinson]

On 12/7/06, Scott Mazur <kubuntulists at littlefish.ca> wrote:
>
> The desktop 'can' be a safer environment for root actions as it provides
> layer
> between the user and the system which could be used to prevent 'stupid
> user
> tricks' like deleting the root directory.  The power of sudu on a console
> is
> infinitely more dangerous as there is no limit to what the user can do
> with
> it.  The console is also a scary and confusing world for the user who is
> accustomed to the GUI.  They 'will not' fully understand what they're
> doing
> and will be just as likely to mis-type a command or try something they
> read
> else where in a different context.  And once they've totally blotted their
> system with an sudo command they didn't understand, there will be no
> recourse
> but to re-install and we're back into MS windows land.
>


On the contrary, sudo is much safer when dealt with properly, because you
can restrict the privileges to some commands, on some hosts, for some users.
For example, using

Cmnd_Alias PBUILDER = /usr/sbin/pbuilder
%pbuilder       ALL = NOPASSWD: PBUILDER


allows members of the pbuilder unix group to call /usr/sbin/pbuilder as root
on all hosts without entering a password, but nothing else. It can be
extended to a lot of things, so that a computer that is properly configured
with sudo is actually safer, and only a few users can have access to a few
commands. Typically, I think my mom should be able to upgrade her computer
with adept, but not use rm or such commands as root. So I would give her
sudo rights on adept/apt-get and so on but only on that.


Regards,

-- 
  ----------------------------------------------------------------------------------------
Raphaël Pinson - raphink at ichthux.com
http://www.raphink.info
Ichthux - http://www.ichthux.com - Linux for Christians
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kubuntu-users/attachments/20061207/08da7de8/attachment.html>