Re: Sudo
On Mon 27 Jan 2020 at 18:21:30 (+0200), Andrei POPESCU wrote:
> On Sb, 25 ian 20, 19:28:39, Patrick Bartek wrote:
> > On Sat, 25 Jan 2020 12:27:21 -0600 Paul Johnson <baloo@ursamundi.org> wrote:
> > > On Sat, Jan 25, 2020 at 11:40 AM Patrick Bartek <nemommxiv@gmail.com> wrote:
> > > >
> > > > I never use sudo. I consider it too much a security risk even on a
> > > > system with only a single user.
> > >
> > > I'm curious for more on this perspective.
> >
> > Sudo is just another path for the unscrupulous to gain priviledged
> > access. There are so many anyway. Why add another?
>
> In the typical sudo setup the root account is locked, so both su and
> root logins are disabled.
Might we assume that the error message on trying to use su is
something along the lines of:
user so-and-so is not in the /etc/sudoers file ?
In which case it would appear that the OP originally performed a
graphical install and unintentionally chose the sudo-style
installation, since corrected.
One question: what happens when you boot into single/recovery mode
from grub—what are you presented with?
> sudo also promotes good practices by using it only when really needed,
> which is both safer (less mistakes) and more secure (less code running
> as root).
Running a home network as I do, I prefer a middle course where my
sudoers file allows me to perform benign actions as root without a
password (eg change TZ, check/examine/kick the email queue, unlock
encrypted partitions, run du/find on the entire fs, run dmesg)
but login with su to do system administration. Roots' highlighted
prompts warn me to take care with what I type.
It's always interesting to read opinions of which aspects of Debian
are too insecure for people to use.
Cheers,
David.
Reply to:
- References:
- Sudo
- From: "Harold Hartley" <wheelie207@ownmail.net>
- Re: Sudo
- From: Patrick Bartek <nemommxiv@gmail.com>
- Re: Sudo
- From: Paul Johnson <baloo@ursamundi.org>
- Re: Sudo
- From: Patrick Bartek <nemommxiv@gmail.com>
- Re: Sudo
- From: Andrei POPESCU <andreimpopescu@gmail.com>