for everyone whose sick of sudo read this

Sun Jul 3 20:35:27 UTC 2005

Brian Puccio wrote:

> On Sun, 2005-07-03 at 12:45 -0400, irusun wrote:
>> *nix has its origin in a multi-user environment, often involving dozens
>> if not hundreds of users.  With so many remote and sometimes unknown
>> logins, security is obviously an issue.  But the reality is that most
>> of the people using Ubuntu are just single (or family) users who just
>> want an alternative to Microsoft.
> 
> So you wouldn't mind then if I, or someone far less honest, had access
> to your computer?

Of course I would, if I didn't care I'd tell the whole world what my root
password was.  :)

> You don't do any online banking?  You don't purchase 
> anything online?

Non-sequitur.  This has nothing to do admin control of your personal
machine.  These things are handled by https:.

> You have nothing on your computer that you wouldn't mind being public?

You'd still need my root password that I haven't given you.  :)

> If so, fine, security is of no concern to you.  But for those of us who
> use their computers for the above reasons, and possibly even work,
> security IS an issue.

It is for me too, yet I don't use sudo either, along with many other people
who use their computers on a daily basis and/or for a living.  We do use
nontrivial root passwords, and we only use root for admin purposes, we use
a normal account for everything else.  You obviously don't realize it, but
this is exactly the kind of hyperbole that the OP was referring to.

> I'm quite fine without a root user.  Having to sudo to do things leaves
> a very visible trail:
> 
> 
>> Jul  3 13:34:40 localhost sudo:    brian : TTY=unknown ; PWD=/home/brian
>> ; USER=root ; COMMAND=/usr/sbin/synaptic

???

The pam module for login will do the same thing if you need an audit trail.

> I can't inadvertently break the system without sudo'ing.

And you can't inadvertently break the system without su'ing or logging in as
root either, so your point is?

>> I'm not complaining about how Ubuntu uses root, but it really starts to
>> sound ridiculous the way some go on about how "bad" logging in as root
>> is.  It's like any tool - learn how to use it, respect it, and have
>> fun!
> 
> I must have missed the "fun with root" o'reilly book.

I think you also missed the "How to keep an open-mind about different ideas"
book too, but I can't remember if O'Reilly was the publisher or not.

> FWIW, the fact that the default windows user has admin privs is one of the
> reasons that the spyware propagates so well on windows platforms.  Even
> the MS  evangelist, Scoble, says that running as admin on windows is not a
> bright idea:

Which has what, exactly, to do with the argument over sudo?

The problem with Windows is that MS never took security seriously, because
part of that aspect involves the user having to do a little extra work
occasionally, like using a root session with a nontrivial password to admin
things that can't be done by a normal user.  Again, this has nothing to do
with the sudo argument, heck, even today Windows defaults to letting you
login with root priveleges all the time without needing a password.

> I'll jump on the band-wagon and say that if you need to login as root
> for anything other then a single command or two, you're probably doing
> something wrong.

Well thank God all those Unix gurus that made Linux and Ubuntu possible for
you never cared for a hay-ride.  I'm not interested either.  This kind of
mindless and meaningless zealotry not only reminds me of the amusing and
pointless vi/emacs wars, more seriously it also reminds of what's happening
within Debian right now, which is why I left there and came to Ubuntu.

Chill out Brian, Unix survived for a long time before sudo even showed up,
and the real Unix experts can tell you good security doesn't come from
whether you use sudo or su or something else, it comes from paying
attention to the details, and always following the security rules, even
when they're inconvenient.  The truth is most security problems stem from
people's laziness or administrative incompetence, not whether they used
sudo or not.

Someone please tell me whether this kind of religious ferver is normal for
Ubuntu too, because if it is, I won't last long here either and should be
moving along.  After Debian, my patience with zealots is razor-thin.