Is it me or is it sudo?
Mark Haney
markh at abemblem.com
Wed Mar 28 20:20:29 UTC 2012
On 03/28/2012 01:19 PM, Joe Zeff wrote:
> On 03/28/2012 08:29 AM, Reindl Harald wrote:
>> on a usual desktop PC with a standard-user it is a VERY bad
>> idea because any attacker only needs to try "sudo anything"
>> to get full control over the machine
>
> My thoughts exactly. Except under very unusual circumstances I'm the
> only person who ever uses this PC, but I don't have sudo set up with
> nopassword. In fact, as I know the root password (being the person who
> installed Fedora) I don't have sudo set up at all. AIUI, sudo was
> written to allow people *who don't have the root password* limited
> access to administrative commands.
>
> Yes, I understand that there are times you have to use sudo instead of
> su in a production environment to ensure that everything gets logged,
> but I've never understood why anybody would do it at home. YMMV and all
> that jazz, but if this is a home box, I'd suggest asking yourself why
> you're bothering with sudo in the first place.
The only real issue there is I'm usually running multiple consoles and I
don't always pay enough attention to keep track of which console is
running root. If I use sudo I know that I can't do anything stupid in a
console that will trash the system. I may blow up my own crap, but
that's why we have backups. And that's why sudo is much safer to use
than logging in as root, at least from the command line.
--
Mark Haney
Software Developer/Consultant
AB Emblem
markh at abemblem.com
Linux marius.homelinux 3.3.0-4.fc16.x86_64 GNU/Linux
More information about the users
mailing list