Re: Packages - what's the best way?
Bob Proulx <bob@proulx.com> writes:
> Tyler Smith wrote:
>> Doesn't the 'ALL=(ALL) ALL' line give the user unlimited authority
>> anyways?
>
> It isn't about restricting privilege. Both have superuser privilege.
> It is about the invocation environment.
>
I hadn't thought of that. Makes sense.
> Sure if you are the only one using your own machine and nothing else
> then it doesn't matter.
I do have a habit of forgetting that not everyone is running a
single-user laptop!
>
>> Is there any security benefit to logging in as a user with
>> unlimited sudo access over just logging in as root?
>
> It isn't about security. Although the need to share passwords with su
> makes it inherently less secure.
>
>
> Accident prevention is an important safeguard. If you are operating
> with your normal command line editing environment then you are less
> likely to make mistakes.
Thanks for your comments. I'm still not sure about using 'ALL=(ALL) ALL'
in general, but at least I understand the other advantages of sudo over
su.
Cheers,
Tyler
Reply to: