[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SUDO

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Dec 03, 2007 at 05:27:17PM +0100, Dan H wrote:
> On Mon, 03 Dec 2007 15:47:09 +0100 Jostein Elvaker Haande
> <jehaande@gmail.com> wrote:
> 
> > erik	ALL=(ALL) ALL
> 
> I've always heard people discouraging root logins or "su" and using
> sudo instead. I know how sudo works and how to fine-tune system access
> with it, but is the above suggestion in any way different or safer
> than a root login?
> 
> --D.
> 

Using sudo the way Jostein suggested is just as open to problems as
logging in as root is, and should be avoided at all costs. Sudo was made
to save the user from hassle, for example, to play Wesnoth I need to
have access to the SDL framebuffer, but since you need to have root
permissions to access it I granted myself permissions just to Wesnoth.

pobega	ALL=NOPASSWD	/usr/games/wesnoth

And aliased in my shell:

alias wesnoth	'sudo /usr/games/wesnoth'

So when I run `wesnoth`, the framebuffer is automagically started and
I'm granted root permissions just for this one operation.

At least, that's how I think sudo should be used. I suppose you could
take ten people and they'd each find different uses for a single
program, but sudo is in NO WAY a replacement for su. 

- -- 
If programmers deserve to be rewarded for creating innovative
programs, by the same token they deserve to be punished if they
restrict the use of these programs. 
 - Richard Stallman
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHVDM6g6qL2BGnx4QRAqhKAJ9XK9mdoEYkZzHzuv+w3mqqj1kRxgCeJBYG
R3vVZd1pH3Xt/M7VHuRS5so=
=VpNL
-----END PGP SIGNATURE-----
Reply to: