<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8"> <META NAME="GENERATOR" CONTENT="GtkHTML/3.6.2"> </HEAD> <BODY> 100% agree and that was what was in my post <IMG SRC="cid:1113878021.26803.3.camel@localhost.localdomain" ALIGN="middle" ALT=":-)" BORDER="0">. As I mentioned we do that for the DBAs who are NOT Sys Admins but sometimes need root equivalence for certain database tasks. On Mon, 2005-04-18 at 21:23 -0500, William F Pearson III wrote: <BLOCKQUOTE TYPE=CITE> <PRE> I think most of the posts here have missed one major benefit to sudo: With sudo in a multiple user environment you don't have to give every user sudo priveledges. If you do happen to have more the one administrator you can make it "against the rules to logon as root." By forcing admins to use sudo you can effectively log which admin is making whatever changes to the system. When someone breaks something you know who broke it. You also cause a forced accountablility which is absolutely necessary for a secure environment. Also if one admin gets fired you don't have to change the root logon, you don't risk malicious activity from an insider that knows that he will be impossible to blame. On 4/18/05, Sam Tygier <<A HREF="mailto:samtygier@yahoo.co.uk">samtygier@yahoo.co.uk</A>> wrote: > mac os x uses the sudo model by default, so it can't be that bad. > > i supose if you have a system with many users and one admin, then it makes sense for the users to be users and the admin to be root. > > for me (and i imagine most ubuntu users) i am the only person who uses my computer (appart from my homes mates checking their email, and my sister playing pingus). i am the admin. from a conceptual point of view, why should i have two accounts? i am one person. > > so why not have one account, sam, and thats what i log with everyday. sometimes i need to use synaptic, and i don't really want my housemates or sister to be able to mess around in synaptic, so it should require a password. this password is to prove that it is me, sam the admin, who wants to make a change. so it make sense that i type my password. > > now this is only the default settings, and it is not at all hard to enable a root account. the only trouble is the gui tools seem to expect sudo (could they maybe check if the root account is enabled?) > > also i think it is fairly easy with this model to have a play with the sudoers file and decide what commands you want to require a password or not. > > and one final thing. most computer users have the same password for evrything, log on, hotmail, yahoo messenger, the phone banking secret word, etc. if they had a root account they would just use the same password. so to them a root account is no more secure from someone finding their password out. > > sam > > > -- > ubuntu-users mailing list > <A HREF="mailto:ubuntu-users@lists.ubuntu.com">ubuntu-users@lists.ubuntu.com</A> > <A HREF="http://lists.ubuntu.com/mailman/listinfo/ubuntu-users">http://lists.ubuntu.com/mailman/listinfo/ubuntu-users</A> > -- William F Pearson III </PRE> </BLOCKQUOTE> </BODY> </HTML>