[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages - what's the best way?

Bob Proulx <bob@proulx.com> writes:

> Tyler Smith wrote:
>> Doesn't the 'ALL=(ALL) ALL' line give the user unlimited authority
>> anyways?
>
> It isn't about restricting privilege.  Both have superuser privilege.
> It is about the invocation environment.
>

I hadn't thought of that. Makes sense.

> Sure if you are the only one using your own machine and nothing else
> then it doesn't matter.  

I do have a habit of forgetting that not everyone is running a
single-user laptop!

>
>> Is there any security benefit to logging in as a user with
>> unlimited sudo access over just logging in as root?
>
> It isn't about security.  Although the need to share passwords with su
> makes it inherently less secure.
>

>
> Accident prevention is an important safeguard.  If you are operating
> with your normal command line editing environment then you are less
> likely to make mistakes.

Thanks for your comments. I'm still not sure about using 'ALL=(ALL) ALL'
in general, but at least I understand the other advantages of sudo over
su.

Cheers,

Tyler
Reply to: