nigde at mitechki.net
Thu Jan 19 18:35:04 GMT 2006
On Thu, 2006-01-19 at 23:36 +1100, Yuki Cuss wrote:
> No, of course, they don't notice when they are sudoing. *But*, they do
> notice that when they follow a HowTo on the Wiki, for example, that they
> have to type `sudo apt-get install ..'. If any of them make the
> unfortunate mistake of forgetting the `sudo', they suddenly notice that
> apt-get no longer works!
Well, in this case they will not notice that "apt-get no longer works".
A regular non-tech user following a howto most likely will not know what
all this apt-get business is about, he/she will notice that instead of
some result described in the howto he got an unexpected error, check
his/her command and notice that he/she missed a word.
> So, a newbie might come up himself with the idea: `sudo bash'. Let's say
> he works within this environment. Suddenly, since he's created all these
> files as root in his home directory, he seems to have broken his system!
> Then he realises: just do `sudo bash' again. Now, we have a newbie who's
> very used and accustomed to just typing `sudo bash' on every terminal he
> opens. (not even sudo -s or -i! Can you imagine? :))
You overestimate people's ability to extrapolate. In order to come up
with something like sudo bash, the user is supposed to already have a
need to frequently run commands in the terminal window, realize that the
prompt in the terminal is generated by a program called bash, realize
that other commands he/she runs are running as children to the shell (I
mean if you look at it in an unbiased way, it is not obvious that sudo
bash will work the way it will without knowing how programs execute) and
a few other assumptions. So, any person UNIX literate enough to come up
with something like sudo bash is gonna have to be responsible for
his/her actions. If you have a fool and a sledgehammer, you can lock up
the sledgehammer, but once you got a fool with a sledgehammer it is very
difficult to protect the fool.
> The point is, the solution isn't just to try to obfuscate the use of
> sudo whenever possible, the solution isn't to try to avoid educating the
> user. The solution is to tell the user what `sudo' does as early as we
> can. Then the user will know that, if he ever ends up using a console,
> sudo is only for administrative commands, and nothing else.
Unfortunately, explaining things like sudo involves explaining a lot of
concepts unknown to a regular user. You need to explain what a CLI is,
what a shell is, what privilege separation is and who root is. Depending
on the level of the user, this would take from a couple of hours to a
few days of learning. As it is, the phrase "To execute a command as
root, run "sudo <command>" and enter your password" is a piece of
complete nonsense. Do not forget that to a normal person, execute means
"to kill publicly" and root means "part of a plant".