Re: SUDO

[Ron Johnson <ron.l.johnson@cox.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/03/07 10:47, Michael Pobega wrote:
> On Mon, Dec 03, 2007 at 05:27:17PM +0100, Dan H wrote:
>> On Mon, 03 Dec 2007 15:47:09 +0100 Jostein Elvaker Haande
>> <jehaande@gmail.com> wrote:
> 
>>> erik	ALL=(ALL) ALL
>> I've always heard people discouraging root logins or "su" and using
>> sudo instead. I know how sudo works and how to fine-tune system access
>> with it, but is the above suggestion in any way different or safer
>> than a root login?
> 
>> --D.
> 
> 
> Using sudo the way Jostein suggested is just as open to problems as
> logging in as root is, and should be avoided at all costs. Sudo was made
> to save the user from hassle, for example, to play Wesnoth I need to
> have access to the SDL framebuffer, but since you need to have root
> permissions to access it I granted myself permissions just to Wesnoth.

Wouldn't it be better to just give the "games" group rw access to
the SDL framebuffer, and add yourself to the games group?

> pobega	ALL=NOPASSWD	/usr/games/wesnoth
> 
> And aliased in my shell:
> 
> alias wesnoth	'sudo /usr/games/wesnoth'
> 
> So when I run `wesnoth`, the framebuffer is automagically started and
> I'm granted root permissions just for this one operation.
> 
> At least, that's how I think sudo should be used. I suppose you could
> take ten people and they'd each find different uses for a single
> program, but sudo is in NO WAY a replacement for su. 


- --
Ron Johnson, Jr.
Jefferson LA  USA

%SYSTEM-F-FISH, my hovercraft is full of eels
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHVFP+S9HxQb37XmcRAj/IAKCc7voHv7OCR9porqM8I9LwJfueCwCgrwUm
CT75ywY19GY70VOM5tzoDM0=
=Du3R
-----END PGP SIGNATURE-----