On Fri, Dec 15, 2006 at 04:03:37PM +0100, Albert Dengg wrote: > > This way to setup sudo does not make sense to me. It is giving full root > > access to every user, which is plain bad. It must be a configuration for > > single workstation used by one person only. > well, not exactly... > normally, that kind of access ist set up only for certain groups... > (i do not use ubuntu, but it is that way on for example osx, where there > is a special admin group that allows sudo of all commands after password > prompt. of course, maybe you should not use such an account for daily > work as you shouldn't do that with the root account...) I might very well miss something there. But that does not make sense to me either. I have not tried ubuntu or osx yet, but to me, this setup means that instead of having 1 password to protect and monitor, you have several. I don't really see the point. I usually go for the following setup, use passwordless sudo for selected commands and option lists, kinda like a more configurable setuid since you restrict the option list. But for real root access, you use su (or su - actually). This way, you have one password giving root privileges. While there must be other ways, that always worked for me. I think we kinda drifted away from the original subject though :-) jacques
Attachment:
signature.asc
Description: Digital signature