
Re: Bug#739657: gnuhealth-server: fails to install: gnuhealth-server.postinst: sudo: not found



Hi all,

2014-02-24 9:21 GMT+01:00 Andreas Tille <andreas@an3as.eu>:
> Hi Emilien,
>
> On Sun, Feb 23, 2014 at 11:29:16PM +0100, Karsten Hilbert wrote:
>> > OK, but why?
>> > What I'm missing so far is an explanation on why we shouldn't use sudo for
>> > this use-case.
>>
>> I have heard the following argument from among Debian Devs:
>>
>> su is included with any installation (unless
>> forcefully removed) while sudo is optional
>
> +1

Yes, that makes sense.
Although for a package that requires more than 400Mb of dependencies
(Tryton takes in parts of LibreOffice, etc.) one extra dependency on a
package that is installed on 76% of machines (more details below)
shouldn't be a deal breaker (and that's in line with what you both
express in the next paragraph)

>> However, I don't feel depending on sudo is
>> the End of The World.
>
> I agree that it is not the end of the world.
>
>> Also, your characterization
>>
>> > Following the Unix philosophy of using a collection of specialized small
>> > tools that do one thing best, when performing an action as another user it
>> > seems to be the correct thing to use a tool that "execute a command as
>> > another user" rather than one whose primary goal is "change user ID or
>> > become superuser"
>>
>> seems fairly succinct.
>
> As I said I personally regard the manpage as some unfortunate wording here.

I do think the manpages are rather correct:
- su to switch user (default to root, can select other user), and a
possibility to execute a command (but primary goal to be logged in as
that user)
- sudo to execute a command as another user (default to root, can
select other user), with optional "features" such as limiting who can
do what as another user, and logging who performed which command (none
of these used in the current use-case)

> I learned `su` as "switch user" with the reasonable default to switch to
> UID=0 (== root) but rather as a general means to switch to *any* user at
> a given system and as the manpage perhaps less prominently but obviously as
> first option says it has an option
>
>        -c, --command COMMAND
>            Specify a command that will be invoked by the shell
>
> My preference for su is that it is basic simple and you do not need to
> install an extra package.  In contrast to su my perception of sudo was
> always that by some reasonable configuration you can give some fine
> grained permissions to enable users becoming different roles by just
> knowing their own password or a dedicated sudo password.

That is correct, although if you install the Desktop variant, as
explained on the wiki [0] sudo will be installed and configured to
allow the first user to execute commands as root using sudo.
It's pretty much a colours/flavors question: I never use su, but
always execute only those commands that need to be run by root using
sudo.
I see that a bit similar as the question about not allowing root to
log in via ssh: it won't prevent any disaster just by itself, but
could make it harder or delay it.

> I personally
> never used it to execute a command but only to become a different user
> in a login shell and then do things.  This is exactly the inverse usage
> as it is written in the manpage.  It simply might be me but since I
> might have the wrong gut feeling I would like you to dig for other
> resources (like some look into /var/lib/dpkg/info or simply asking at
> debian-mentors@lists.debian.org what people might think there).

Yes, I will do that.

Already just looking at popcon (obvious notice about [un]reliability
of that data applies):
- There are 167453 registered popcon users that sent information
- coreutils (package that amongst others, contains su) sports 167451
installations (99.998% of installs) [1]
- sudo reports 127695 installations (76% of installs) [2]

> I think both solutions are OK if they are working but I personally would
> definitely use the su-solution and would not spend a slight moment to
> think about sudo.

I am also open to use su instead of sudo. That's even what I first
did, but (for some reason I can't remember) didn't get the command to
run successfully using su, so I switched to sudo.
Regardless of what comes out of the investigation and on the mentors
ML, I will try to make it work using su, and figure if I can reproduce
my issue with it.

I look at this as a good learning moment.
    +Emilien
[0] https://wiki.debian.org/sudo
[1] http://qa.debian.org/popcon.php?package=sudo
[2] http://qa.debian.org/popcon.php?package=coreutils
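
The `su -c` route discussed in this thread, as an added example that is not part of the original message or of the package's maintainer script: `su` hands `-c` to the target account's login shell, so an account whose shell is `nologin` or `false` needs an explicit `-s`, which `su` honours when the caller is root (as a postinst is). The helper names, the account names and the passwd excerpt are constructed for illustration.

```shell
#!/bin/sh
# Added example: pick the su invocation a root-run maintainer script needs
# to execute one command as another account, without depending on sudo.

# Print the login shell (7th passwd field) of user $1 from passwd-format file $2.
login_shell() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1; exit }
                       END { if (!found) exit 1 }' "$2"
}

# Single-quote $1 so it survives as one argument to su -c.
quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Print the su command line that runs command $3 as user $1 (passwd file $2).
su_command_for() {
    user=$1
    passwd_file=$2
    cmd=$3
    shell=$(login_shell "$user" "$passwd_file") || {
        echo "no such user: $user" >&2
        return 1
    }
    case "$shell" in
        # Service account: its own shell would refuse to run anything.
        */nologin|*/false)
            printf 'su -s /bin/sh -c %s %s\n' "$(quote "$cmd")" "$user" ;;
        # Regular (or empty, meaning /bin/sh) shell: plain su -c works.
        *)
            printf 'su -c %s %s\n' "$(quote "$cmd")" "$user" ;;
    esac
}

# Constructed passwd excerpt (not from any real system).
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
svcuser:x:999:999:constructed service account:/var/lib/svc:/usr/sbin/nologin
alice:x:1000:1000:constructed login account:/home/alice:/bin/bash
EOF
    su_command_for svcuser "$tmp" 'id -un'
    su_command_for alice "$tmp" 'id -un'
    rm -f "$tmp"
}

demo
```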

