
Re: star office debian-correct installation



On Sun, Jun 10, 2001 at 10:25:23PM -0700, Mark Wagnon wrote:
> On 06/10/01 17:37:44 -0400, Jonathan D. Proulx wrote:
> > You don't need to be root, using "sudo" is fine.  If you don't know
> > what sudo is, install it and read the man page then ask here, it's
> > *very* useful.
> 
> I've never used sudo. Whenever I need to do something as root, I use
> su. What's the difference? Is one better/more secure than the other?

That is a topic of much debate.  In general, I fall on the "sudo is evil"
side of the fence, but the basic arguments are:

pro-sudo:  It allows you to give limited root access to certain users
without requiring that they know the root password.  This allows you to
distribute administrative tasks to various people without giving them
full control of the machine.

anti-sudo:  It allows you to give limited root access to certain users
without requiring that they know the root password.  This allows an
attacker to obtain elevated privileges on the machine by discovering
only a user password instead of requiring that they find both a user
password and the root password.

IMO, one well-controlled point of vulnerability (the root password)
is preferable to several uncontrolled points of vulnerability (user
passwords).  The only time I think sudo is worthwhile is on a multiuser
machine where all admin power cannot, for whatever reason, be concentrated
in a single person.  And even then, you have to be very careful about
what commands you allow to be run through sudo - if you can open a shell
from something run under sudo, you've got a fully-empowered root shell,
easy as that.

-- 
That's not gibberish...  It's Linux. - Byers, The Lone Gunmen
Geek Code 3.12:  GCS d? s+: a C++ UL++++$ P++>+++ L+++>++++ E- W--(++) N+
o+ !K w--- O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv+ b+ DI++++ D G e* h r y+
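
The closing caution in the message above (a command allowed through sudo that can open a shell amounts to a full root shell) can be checked mechanically. The following audit script is an added example, not part of the original message: it scans sudoers rules and reports grants that hand out a shell. It assumes simplified one-line rules with no aliases or line continuations, the program-name lists are illustrative rather than complete, and the sample rules are constructed; `NOEXEC:` and `sudoedit` are features of current sudo.

```python
import os
import re

# Constructed sample sudoers rules (not from the original post).
SAMPLE = """\
alice  ALL = (root) /usr/bin/vim /etc/hosts
bob    ALL = (root) NOEXEC: /usr/bin/less /var/log/syslog, /bin/bash
carol  ALL = (ALL) ALL
dave   ALL = (root) /usr/sbin/service apache2 restart
erin   ALL = (root) sudoedit /etc/hosts
"""

# Illustrative, non-exhaustive name lists (assumptions of this example).
SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh"}
ESCAPABLE = {"vi", "vim", "emacs", "less", "more", "man", "find", "awk"}

RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")

def audit(text):
    """Return (user, command, reason) for every risky grant in `text`."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = RULE.match(line)
        if not m or re.match(r"(Defaults|\w+_Alias)\b", line):
            continue
        user, noexec = m.group(1), False
        for cmd in (c.strip() for c in m.group(2).split(",")):
            t = TAGS.match(cmd)
            if t:  # a tag applies to the rest of the list until overridden
                for tag in re.findall(r"[A-Z_]+", t.group()):
                    noexec = {"NOEXEC": True, "EXEC": False}.get(tag, noexec)
                cmd = cmd[t.end():]
            name = os.path.basename(cmd.split()[0]) if cmd else ""
            if cmd == "ALL":
                findings.append((user, cmd, "any command, so a root shell"))
            elif name in SHELLS:
                findings.append((user, cmd, "is itself a shell"))
            elif name in ESCAPABLE and not noexec:
                findings.append((user, cmd, "can start a shell; add NOEXEC: or use sudoedit"))
    return findings

if __name__ == "__main__":
    for user, cmd, reason in audit(SAMPLE):
        print(f"{user}: {cmd!r} {reason}")
```

On the sample it flags alice's editor, bob's `/bin/bash` and carol's `ALL`, and passes the `NOEXEC:` pager, the service restart and the `sudoedit` rule.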


