Kubuntu experience

Jim Richardson warlock at eskimo.com
Mon Apr 18 19:09:33 UTC 2005


On Mon, 2005-04-18 at 16:52 +0930, Brian Astill wrote:
> On Sun, 17 Apr 2005 01:01, Pierfrancesco Caci wrote:
> > :-> "Brian" == Brian Astill <bastill at adam.com.au> writes:
> >     > sudo is dangerous and also awkward for anything other than an
> >     > occasional
> >
> > You should tell us all why sudo would be more dangerous than having a
> > root login enabled. Please.
> 
> I can't understand why you don't understand!  :-)
> The standard Unix way of doing things is for root to own the system and 
> to allow users to use that system subject to not being allowed to mess 
> about with it.
> Root is all-powerful.  I have known some paranoid people who would not 
> operate as root without first disconnecting from the network and the 
> internet - and then would not leave the system unattended until their 
> root work was finished.  They were (overly?) concerned that someone 
> might break in electronically or physically and wreak havoc.
> In any event, one does NOT operate as root on a day-to-day basis.  You 
> set up a personal account for normal usage.
> 
> Sudo is an emergency privilege sort of thing.  Root might be going on 
> holiday and need someone to run things while they are away.  Granting a 
> sudo allows the "assistant" to run the system as root WITHOUT root 
> having to reveal root's password to them.  The sudo privilege can be 
> revoked by root at any time. 
> 
> The problem with sudo privilege is that you are always effectively 
> running as root - all anyone has to do is type "sudo" before any 
> command they wish to use - even "sudo rm -fR /*" - to do whatever they 
> wish with your system.  NOT secure.



You might want to read up a bit on sudo. 

Yes, you can (and Ubuntu does) set up sudo with all privileges. Or you
can give a specific user a specific level of control, down to a single
command, and a specific set of options. For example, on some of my
servers, I have a couple of backup admins, who have sudo privs only to a
short script, that does an apt-get update && apt-get upgrade, nothing
more. They can't add repositories, can't install a local deb, or install
anything specific, only run an update/upgrade. 

And as mentioned, sudo logs everything done via sudo, which is nice
also. 
-- 
Jim Richardson http://www.eskimo.com/~warlock
"It says he made us all to be just like him. So if we're dumb, then god
is dumb, and maybe even a little ugly on the side." -- Frank Zappa
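
The single-script delegation described in the reply above, as an added example that is not part of the original message or anyone's actual configuration. The group name "backupadmins", the script name "apt-refresh" and both paths are assumptions; the functions stage the files under a scratch directory so the result can be inspected before anything touches /etc.

```shell
#!/bin/sh
# Added example: stage a one-command sudo delegation under a scratch root.
# Hypothetical names: group "backupadmins", script "apt-refresh".
ADMIN_GROUP=backupadmins
SCRIPT_PATH=/usr/local/sbin/apt-refresh
RULE_PATH=/etc/sudoers.d/backupadmins

# The delegated script: fixed PATH, fixed commands, ignores any arguments.
stage_script() {
    mkdir -p "$1$(dirname "$SCRIPT_PATH")" || return 1
    cat > "$1$SCRIPT_PATH" <<'EOF'
#!/bin/sh
PATH=/usr/sbin:/usr/bin:/sbin:/bin
export PATH
apt-get update && apt-get upgrade
EOF
    chmod 0755 "$1$SCRIPT_PATH"
}

# The sudoers rule: group members may run only this script, as root, and the
# trailing "" tells sudo to refuse the command if any argument is supplied.
stage_rule() {
    mkdir -p "$1$(dirname "$RULE_PATH")" || return 1
    rm -f "$1$RULE_PATH"
    printf '%%%s ALL = (root) %s ""\n' "$ADMIN_GROUP" "$SCRIPT_PATH" > "$1$RULE_PATH"
    chmod 0440 "$1$RULE_PATH"
}

# Reject a staged tree that would undo the restriction: a script that group
# or others can write lets the delegated users replace its contents, which is
# equivalent to unrestricted root. Also require mode 0440 on the rule file.
check_staged() {
    script=$1$SCRIPT_PATH
    rule=$1$RULE_PATH
    if [ ! -f "$script" ] || [ ! -f "$rule" ]; then return 1; fi
    if [ -n "$(find "$script" \( -perm -020 -o -perm -002 \))" ]; then return 1; fi
    if [ -z "$(find "$rule" -perm 0440)" ]; then return 1; fi
    return 0
}
```

Run `visudo -cf` on the staged rule as root before copying it into place; `sudo -l` as one of the delegated users should then list only that one command.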




