Am 18.11.2015 um 19:49 schrieb Adam Jackson:
On Tue, 2015-11-17 at 17:30 +0000, Andrew Haley wrote:
> On 11/02/2015 03:05 PM, Adam Jackson wrote:
>> But, why take the risk exposure, when you could simply not?
>
> How else would I edit root-owned files? I don't get it. I mean,
> I guess I could run an editor in a text window, but I don't want to
> do that.
That's kind of a non sequitur. To a first order, there are zero root-
owned files you need to edit routinely. And I feel pretty comfortable
calling any counterexamples bugs that need fixing
hopefully all configuration files on your system are root-owned and
"routinely" is not black and white because it depens on your use-cases
as serveradmin you *routinely* edit root-owned files and *yes* i pull
them from 35 machines to a dedicated admin server and open them all
together in a GUI editor with tabs to make changes i want to have on all
servers while the file itself is machine specific
why?
because it's much faster than login to each and every machine when i can
pull them with a script, edit them centralized and push them back
followed by a "distribute-command 'systemctl condrestart
affected-service'" and it saves a ton of overhead for configuration
management tools with their own security issues all the time