Kent West wrote: > The original claim was that sudo provides no benefit on a single-user > machine. Correct. > We both seem to agree that sudo provides logging. Correct. > You claim that you don't need logging on a single-user machine, because > you know what you (the single-user admin) did when, whereas I claim that > I find it useful to have a record of what I've done when. While that record may be useful as I have pointed out it is not the only way that logging of what you've done can be achieved. One doesn't need sudo to log when one installs things. aptitude, which amazingly as the de facto standard for Debian currently, logs information so your provided example is moot. While I'm sure you can contrive other examples the idea of logging commands as an incidental reminder of other things is hardly a top priority when people are installing sudo and thus I don't think exactly falls under a benefit of sudo. Generally speaking when people want to have a reminder of something they might get better utility of a pen and a pad of post-its than sudo. > So, are you saying the logging provided by sudo on a single-user machine > is or is not a benefit? I'm saying that it is irrelevant on a single-user machine as pretty much any reason that one would want logging does not apply to a single user machine and any contrived examples are incidental and generally applicable to a dozen or three other applications in both the incidental sense or in the specific sense. IE, want a reminder on the computer, get a PIM application. Etc. The benefit of sudo logging is so when multiple people are engaged in root level operations and something gets toasted an individual other than the one who toasted that something has a snowball's chance in hell of being able to repair it by first reviewing the logs to: A: see what was done and. B: who did it so they can thwack said person's knuckles with a ruler before C: undoing said damage. So while *you* find it useful to your memory that on the day you installed X with using sudo and grepping the logs to find X so you know when Y happened that is not a benefit of sudo as one can do it by a dozen or three different means on or off the computer. sudo logging for an audit trail in a multi-user root level environment, on the other hand, is a fairly unique property to sudo and is a benefit... just not one to a single-user environment. > Okay, I can see that you don't find benefit in using sudo. I still > disagree with the global claim (which is what this entire thread has > been about) that there is "*NO* benefit" to using sudo on a single-user > machine. Would you then agree that the supposed benefits of sudo in a single-user environment are far outweighed by the troubles of trying to wrangle people into using it instead of just teaching them good habits (regardless of tools) and getting them working. I mean think about the irony here. This thread started because someone wanted to install some software. Someone else told them how to do it with root. Someone else came along and told 'em they really should use sudo. If they don't have sudo (which Debian doesn't install by default AFAIK) then what do they have to do? Oh, install software as root... which is the very thing they wanted to do in the first place and told was bad! I just don't like seeing that 3-4 message exchange every time some newbie wants to install software. It has to be frustrating for them. Something tells me when they're looking to install software the fact that sudo can log that command doesn't even enter their mind as a desirable trait. :P -- Steve C. Lamb | I'm your priest, I'm your shrink, I'm your PGP Key: 8B6E99C5 | main connection to the switchboard of souls. -------------------------------+---------------------------------------------
Attachment:
signature.asc
Description: OpenPGP digital signature