Re: Re: Packages - what's the best way?
Kelly Clowers <kelly.clowers@gmail.com> writes:
>> On Sun, Nov 14, 2010 at 23:20, Andrei Popescu <andreimpopescu@gmail.com> wrote:
>>> On Du, 14 nov 10, 20:54:42, Bob Proulx wrote:
>>>>
>>>> And if 'sudo' isn't configured for you then that is the first thing
>>>>that you will want to do. :-)
>>>>
>>>> # visudo
>>>> rob ALL=(ALL) ALL
>>>
>>> What's wrong with su?
>>
>> It is the The Wrong Way(TM), because it involves giving everyone the
>> root password
>> and unlimited authority, and it has very little in the way of logging.
>Doesn't the 'ALL=(ALL) ALL' line give the user unlimited authority
>anyways? Is there any security benefit to logging in as a user with
>unlimited sudo access over just logging in as root?
>I don't see the point of sudo *except* to allow fine-grained control to
>select programs to select users. Using it to provide open access seems
>counter-productive.
>
>t
I'd have to agree, especially how many distros automatically give ALL permissions to all local users. At least with su you have to *tell* them the root password, which means you have to trust them. The BSD su's wheel group also serves this purpose. Giving someone the right to sudo su seems (IMHO) to defeat the purpose of sudo. I'm all for sudo over su (for things like halt, apt-get, etc.), but if you give users ALL permissions then you are basically creating multiple root passwords, thus (in theory) multiplying significantly the risk of a system breach.
Anyways, in the GUI world i'll second gdebi. In the console world I find the easiest way is just to dpkg -i, and then if there are unmet dependencies run aptitude and let it autoresolve the dependencies (not very elegant, but the easiest way i've found).
rbmj
Reply to: