Re: Buster install

To: debian-user@lists.debian.org
Subject: Re: Buster install
From: Greg Wooledge <wooledg@eeg.ccf.org>
Date: Tue, 16 Jul 2019 09:12:03 -0400
Message-id: <[🔎] 20190716131203.GK2450@eeg.ccf.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20190716070855.ho44jmkixjp3i7th@localhost>
References: <[🔎] 201907131633.19929.Howland@priss.com> <[🔎] 201907131815.25437.Howland@priss.com> <[🔎] 20190714062955.kj6opx7u55w6vmxy@localhost> <[🔎] 20190715142034.GG2450@eeg.ccf.org> <[🔎] 20190716070855.ho44jmkixjp3i7th@localhost>

On Tue, Jul 16, 2019 at 10:08:55AM +0300, Andrei POPESCU wrote:
> Let me suggest an alternative workflow:
> 
>   * Do everything from a user account, except for the (very few) actions 
>     that actually require elevated privileges.

Yes, of course, obviously.  This is exactly what I do, and what I assume
everyone else does.

I'm talking about that one time a month (or year) where you need a root
shell for some special purpose.  apt-get update/upgrade don't count,
because those can be done simply by sticking sudo in front of them.  Also,
they're ridiculously common, so it's not like I need to read the man pages
for them any more.

> Looking up man pages, retrieving package information, check networking 
> info[1], etc. is only ever done from the user account. I switch to root 
> only when I need to do apt update/upgrade/install/etc., edit 
> configuration files, restart daemons/system, etc.

For most of those, I don't even NEED a root shell.  I can stick sudo
in front of a regular command as needed.

I'm talking about the exceptions to the rule.  Those times when you need
to be root *for a while*, either because you're working on files that
are inside a directory without universal r/x permissions, or because
you're doing a bunch of commands in a row, etc.  Or simply because the
remote server doesn't have sudo installed.

These things are just rare enough that it's not worth it (to me) to
spend a whole bunch of time reconfiguring every system to have the
desired behavior from "su".  But other people are free to run their
cost evaluations and come up with different results.

The reason I specifically pointed out man pages is because for me, the
typical sequence of events is something like:

ssh into remote server as root
start fixing stuff
realize that I don't know everything I need to know
realize that the man pages on my local workstation will not match the server
man foobar on the server
headdesk because the man page just vanished when I pressed q

Now, the "obvious" fix to that issue is to ssh in as myself, and then
use "su" to become root.  But that gives the wrong PATH under buster.
Or, I could ssh in as myself, then "sudo -s" to get a shell (if sudo is
even installed), but then I lose my customized environment.

I've recently learned that "sudo -sE" may be a better choice, as that
might preserve your environment.  Or it might not.  It's really hard
to tell, because sudoers(5) is one of the worst man pages in history,
written by and for aliens.

Reply to:

References:
- Buster install
  - From: Curt Howland <Howland@priss.com>
- Re: Buster install
  - From: Curt Howland <Howland@priss.com>
- Re: Buster install
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Re: Buster install
  - From: Greg Wooledge <wooledg@eeg.ccf.org>
- Re: Buster install
  - From: Andrei POPESCU <andreimpopescu@gmail.com>

Prev by Date: Fragility of PXE netboot
Next by Date: ACTUALIZADO: Politicas, Normas y Procedimientos Internos
Previous by thread: Re: Buster install
Next by thread: amdgpu requires firmware installed
Index(es):
- Date
- Thread