Re: Sudo

[David Wright <deblis@lionunicorn.co.uk>]

On Mon 27 Jan 2020 at 18:21:30 (+0200), Andrei POPESCU wrote:
> On Sb, 25 ian 20, 19:28:39, Patrick Bartek wrote:
> > On Sat, 25 Jan 2020 12:27:21 -0600 Paul Johnson <baloo@ursamundi.org> wrote:
> > > On Sat, Jan 25, 2020 at 11:40 AM Patrick Bartek <nemommxiv@gmail.com> wrote:
> > > >
> > > > I never use sudo.  I consider it too much a security risk even on a
> > > > system with only a single user.
> > > 
> > > I'm curious for more on this perspective.
> > 
> > Sudo is just another path for the unscrupulous to gain priviledged
> > access. There are so many anyway.  Why add another?
> 
> In the typical sudo setup the root account is locked, so both su and 
> root logins are disabled.

Might we assume that the error message on trying to use su is
something along the lines of:

user so-and-so is not in the /etc/sudoers file ?

In which case it would appear that the OP originally performed a
graphical install and unintentionally chose the sudo-style
installation, since corrected.

One question: what happens when you boot into single/recovery mode
from grub—what are you presented with?

> sudo also promotes good practices by using it only when really needed, 
> which is both safer (less mistakes) and more secure (less code running 
> as root).

Running a home network as I do, I prefer a middle course where my
sudoers file allows me to perform benign actions as root without a
password (eg change TZ, check/examine/kick the email queue, unlock
encrypted partitions, run du/find on the entire fs, run dmesg)
but login with su to do system administration. Roots' highlighted
prompts warn me to take care with what I type.

It's always interesting to read opinions of which aspects of Debian
are too insecure for people to use.

Cheers,
David.