[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: /sbin vs /bin

tomas@tuxteam.de wrote: 
> On Sat, Jul 30, 2022 at 02:07:58PM -0400, Greg Wooledge wrote:
> > On Sat, Jul 30, 2022 at 02:02:21PM -0400, Timothy M Butterworth wrote:
> > > Logging in as root has become taboo. Sudo is the prefered mechanism for
> > > running administrator functions. I have root set to nologin with a null
> > > password to force sudo usage.
> > 
> > This makes entering single-user mode ("rescue mode") impossible.
> 
> Agreed. There are ways around that, but logging in as root while
> physically present is a quite honourable thing to do.
> 
> Some swing this way, others the other way. Use the tool which suits
> you. Know its limitations.
> 
> FWIW, not long ago sudo had a vulnerability. It is just much more
> complex, and complexity is an enemy of security (I say that as a
> fan of sudo and as a regular user).

The OpenBSD folk created "doas", which is packaged in Bullseye. 

Description: minimal replacement for sudo
 OpenDoas: a portable version of OpenBSD's doas command
 doas is a minimal replacement for the venerable sudo. It was
 initially written by Ted Unangst of the OpenBSD project to provide 95% of the
 features of sudo with a fraction of the codebase.

I haven't used it, but I suspect it is excellent for
single-sysadmin machines.

-dsr-
Reply to: