On Ma, 28 ian 20, 08:24:29, David Wright wrote: > > My view is that more damage is done to home systems by the sysadmins > than by external malice, so anything that protects the system from > such damage is a useful resource. I think that selective sudo¹ > provides one way of reducing damage by separating critical operations > (done by su'ing to root) from the benign day-to-day maintenance > done using sudo. > > ¹ by selective sudo I mean > > $ sudo some-command … > $ Do you mean setting up sudo only for specific commands? That is surely useful to delegate specific tasks (e.g. 'apt update && apt upgrade') to an advanced user. > rather than the locked-up sudo-only scheme that you can select with > the debian-installer. I'm not familiar with the latter. Debian's sudo setup is quite simple: members of group 'sudo' get full root privileges by providing their *own* password. 'sudo some-command' works, as well as 'sudo -i' to get a root shell. Root logins (an consequently also 'su') are disabled. In my opinion sudo is best used something like: $ sudo apt update $ apt search some_string $ apt show some_package $ sudo apt install some_package $ man some_program $ sudo some_program do_stuff_requiring_root etc. Hope this explains, Andrei -- http://wiki.debian.org/FAQsFromDebianUser
Attachment:
signature.asc
Description: PGP signature