[OT] Debian mailinglists

Marcin Kasperski Marcin.Kasperski at softax.com.pl
Mon May 26 13:05:10 UTC 2008


>     There aren't many times that I want to run *a* command as root.  Often I
> want to run a *sequence* of commands which require the elevated
> privileges of root to remain for the entire sequence.  sudoing to root
> and suing to root is functionally identical thus sudo is not needed.

Once you get used to sudo, you start running individual commands more
often. For example, nowadays I tend to walk around /etc/ from my user
account and just issue things like "sudo scite xorg.conf"
or "sudo /etc/init.d/apache2 restart". Well, I must admit I configured
sudo to accept me without password ;-)

Don't forget also about things like
    sudo make install
(which works as I am still in the correct directory etc)
or
    sudo apt-get install blahblah

>
>     Also the matter of passwords is moot.  One can simply set the root
> password to their normal account password and achieve the same effect. 
> Again, functionally identical to sudo complete with the resulting weaker
> security.

As I already mentioned, you may configure sudo to accept specific users
without entering a password at all. This is reasonable for desktop boxes.
Just write:

  username ALL=(ALL) NOPASSWD: ALL

or something similar.

On servers, you can configure sudo to accept specific users without
entering a password - but only for specific commands. So you
can - for example - allow the "dbadmin" group to invoke
   sudo -u postgres psql
and
   sudo -u oracle sqlplus
without a password - but nothing else.


>>> By default Ubuntu gives sudo access to everyone in the admin group. No
>> editing needed in your example.
>
>     Presumes everyone is going to be in the admin group.  The point of sudo
> is limiting elevated privileges to specific commands.  Since that is
> going to be unique per user editing will be required.

The fact that sudo is fairly powerful does not mean it can't be used for
trivial configs too....

Surely it is a good starting point for tuning the configuration up.

-- 
----------------------------------------------------------------------
| Marcin Kasperski   |   Most of the bad things that can happen to
| http://mekk.waw.pl | a project are the result of miscommunication.
|                    |                    (Booch)
----------------------------------------------------------------------
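
Added example (not part of the original message): a small Python check that separates the blanket `NOPASSWD: ALL` rule from the command-scoped `dbadmin` rules described above. It assumes a simplified one-rule-per-line sudoers syntax; the function name `audit_sudoers`, the verdict labels and the sample rules, including the command paths, are constructed for illustration.

```python
import re

# Simplified user spec: WHO HOST=(RUNAS) [TAG:]... COMMANDS
# Assumption: one rule per line; no aliases, continuations or includes.
SPEC = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^\s=]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z_]+:\s*)*)"
    r"(?P<cmds>.+)$"
)

def audit_sudoers(text):
    """Return (lineno, who, runas, verdict) for each user spec in text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")):
            continue  # blank lines, comments, Defaults entries
        if line.split()[0].endswith("_Alias"):
            continue  # alias definitions are not expanded here
        m = SPEC.match(line)
        if not m:
            continue
        # sudoers runs the command as root when no (runas) part is given
        runas = (m.group("runas") or "root").split(":")[0].strip() or "root"
        cmds = [c.strip() for c in m.group("cmds").split(",")]
        nopasswd = "NOPASSWD:" in m.group("tags")
        if nopasswd and "ALL" in cmds:
            verdict = "blanket-nopasswd"   # any command, no password
        elif nopasswd:
            verdict = "scoped-nopasswd"    # listed commands only
        else:
            verdict = "default-auth"       # no NOPASSWD tag on the rule
        findings.append((lineno, m.group("who"), runas, verdict))
    return findings

# Constructed sample; the command paths are placeholders.
SAMPLE = """\
# desktop rule from the message
username ALL=(ALL) NOPASSWD: ALL
%admin ALL=(ALL) ALL
%dbadmin ALL=(postgres) NOPASSWD: /usr/bin/psql
%dbadmin ALL=(oracle) NOPASSWD: /opt/oracle/bin/sqlplus
"""

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE):
        print(*finding, sep="\t")
```

Real sudoers files should still be syntax-checked with `visudo -c`, since this sketch does not expand aliases or included files.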





More information about the ubuntu-users mailing list