Re: [OT Humor] "Obviously designed by morons"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 03/21/2011 02:19 PM, Joe Zeff wrote:
> On 03/21/2011 12:54 PM, suvayu ali wrote:
>> If I may ask, what is wrong with sudo? Specially when configured with PASSWD?
> If you have the root password, it's the wrong tool for the job.  It's
> designed, AIUI, for people who *don't have* the root password to have
> *limited access* to specific root commands.  It can also be used (as I
> described in a different message) to allow people *limited access* to
> programs that they'd not normally be able to run.  If you have the
> password, there's no reason that I can see to pretend you don't.  In
> fact, in Fedora, you can't even set sudo up so that you can use it
> without using the *root password!*

Gah!  The old man is forced to reply to such ...

First of all, after nearly 30 years of UNIX and then Linux 
administration, I would not hire you into my group with a belief such as 
that.

There is an old saying: 'The palest ink is better than the best of 
memories.'

The main advantage, and one of the main reasons for sudo, is logging.

Maybe you can remember everything you typed as root a year ago, but I 
certainly cannot.  The shell history of root is not sufficient.  Process 
accounting is not sufficient.

If you examine the sudo logs you will find not only date and time 
stamps, but much of the environment settings of how the command was 
executed.  Failure to make this available to yourself during a 
diagnostic session is unwise.

Spend some time in /var/log/secure and get back to us about how logging 
in as root is superior.

I will take exception only to those times when I MUST chain several 
commands together, and each time that happens I evaluate whether to 
script it instead.  So should you.

Good Luck!
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux