Re: What can't sudo do?
On (15/03/04 14:52), Bill Moseley wrote:
> <disclaimer>I'm not a current sudo user -- know very little about it</>
>
> I'm wondering what the downside is to sudo in managing a Debian machine,
> if any, if admin duties are not shared.
>
> I don't use sudo -- I try and minimize my root access as much as possible. I jump
> into root only to apt-get install or restart a server and often do that
> all with one su command never gaining a root shell.
>
> But I'm wondering if anyone finds that they can manage a Debian machine
> fine with just using sudo, and if (as the admin) that provides much benefit.
>
> The logging would be good.
>
> Currently, my account where I spend most of my time is a normal account
> and the only way to do root stuff is to su to root. If I use sudo (to
> try and provide most admin functions) then I would worry because my
> normal account then has more privileges that I'd want. Then someone only
> need to gain access to my account instead of root. Can't ssh to root,
> but can ssh to my account, etc.
I use sudo for all my machines (servers and workstation) with full root
privileges. You can restrict what sudoers can do if you're concerned
about someone gaining access to your user account (man sudo).
I think the main benefit is that you can't do something dangerous as
root, should you forget to revert to your user account. With sudo you
have to consciously sudo each command.
HTH
Clive
--
http://www.clivemenzies.co.uk
strategies for business
Reply to: