[OpenIndiana-discuss] User roles and acting as root
Ken Gunderson
kgunders at teamcool.net
Tue Jun 14 18:53:18 UTC 2011
On Tue, 2011-06-14 at 11:23 -0700, Alan Coopersmith wrote:
> On 06/14/11 10:05 AM, Gabriele Bulfon wrote:
> > Thanx for your reply,
> > I understand the security issue.
> > But, is it so much more secure when you can just sudo commands?
> > Where is the difference?
>
> With sudo, you choose to only run commands that need extra privileges
> with those privileges - most of the commands a normal user runs don't
> need that, so why use it and run the risk of either operator error
> or buggy software doing more damage than normal?
>
Which is useful in environments where you have jr. sysadmins, backup
operators, etc., i.e. different roles, not all of which you want/trust
to have full root access, so tasks can be limited to only those
necessary to fulfill that role.
On a boxes where I, or one or two others I know and trust, are the only
admin(s), I find sudo a complete pita and never use it. When I want
root it's because I need to get something done and sudo just gets in my
way and adds unnecessary typing w/o any benefit - if I'm going to make a
typo or brain fart so bad as to blow up the box, sudo is not going to
save me. Much better to actually have a # in your prompt and adhere to
the old sysadmin adage of sitting on your hands for 5 seconds before
hitting enter...
The point being here, that while sudo does have it's place, it's not the
magic bullet some would have us believe it is.
--
Regards-- Ken Gunderson
More information about the OpenIndiana-discuss
mailing list