[OpenIndiana-discuss] User roles and acting as root
Gabriele Bulfon
gbulfon at sonicle.com
Tue Jun 14 20:35:46 UTC 2011
Up until OpenSolaris, my first and only command was some "enters" on a "#".
Just root, and just commands, for a life.
Now I had times with opensolaris wanting me to pfexec everything.
On OpenIndiana pfexec behave differently and does not run privileged as it did on OSol.
And, afterall, sudo just asks for your password once, and it's done forever....
At least for the "first" user you configure on OI.
Where is security here??
----------------------------------------------------------------------------------
Da: Dan Swartzendruber
A: Discussion list for OpenIndiana
Data: 14 giugno 2011 20.54.35 CEST
Oggetto: Re: [OpenIndiana-discuss] User roles and acting as root
Ken Gunderson wrote:
Which is useful in environments where you have jr. sysadmins, backup
operators, etc., i.e. different roles, not all of which you want/trust
to have full root access, so tasks can be limited to only those
necessary to fulfill that role.
On a boxes where I, or one or two others I know and trust, are the only
admin(s), I find sudo a complete pita and never use it. When I want
root it's because I need to get something done and sudo just gets in my
way and adds unnecessary typing w/o any benefit - if I'm going to make a
typo or brain fart so bad as to blow up the box, sudo is not going to
save me. Much better to actually have a # in your prompt and adhere to
the old sysadmin adage of sitting on your hands for 5 seconds before
hitting enter...
The point being here, that while sudo does have it's place, it's not the
magic bullet some would have us believe it is.
Agreed. In general, my first and only command (as myself) after logging
in, is: 'sudo -i'.
_______________________________________________
OpenIndiana-discuss mailing list
OpenIndiana-discuss at openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss
More information about the OpenIndiana-discuss
mailing list