[plug] sudo

[William Kenworthy]

sudo is just an alternate way of running commands as root.  

The advantages for me are that I can set commands up (view logs,
hibernate, run scripts that need root permissions -e.g., when moving the
laptop across networks) as a user.  I often have people sitting next to
me whilst I am doing demos or working so they are intently looking at my
screen - a situation where I dont want to type any password (ever
noticed tho that these days many people "tune out" or look away when one
starts typing a password - good manners!)  I have sudoers set for
NOPASSWORD to run the common stuff (note that I have not given it
wildcard access tho), but am forced to leave a root terminal open as
there is always something unexpected (to avoid typing a root password
when someone is watching - unexpected things often include fault finding
USB stick problems ('orrible things!) as almost everyone I see these
carries their data around on them these days, running out of swap (1g
ram, 2 g swap) - have needed to create a swapfile in a hurry(!) when
working on large spreadsheets) .  It also allows me to have user desktop
icons for user operations such as change networks that work without
entering passwords.

I am acutely aware of the dangers of typing passwords many times a day
in public view - sudo can help here.  Also, in my case the user and root
password are equally important and sensitive - its the data I have and
am working on that is important, the system is secondary and both
accounts can access the data equally.  Once logged in, I am
"authorised", and in general dont want to be bothered re-entering
passwords in public view for common tasks.  Constant reauthorisation is
dangerous in my situation.

There are many scenarios for managing a unix/linux system, and what is
suitable for a server/workstation/laptop/equipment controller is not the
same, even amongst the same classification - sudo allows flexibility
with a degree of safety.  Not total security, but thats a tradeoff in
many areas where sudo can help.

BillK


On Thu, 2005-03-24 at 20:37 +0800, Arie Hol wrote:
> 
> On 24 Mar 2005 at 19:10, Craig Dyke wrote:
> 
> 8<----------------- snip ------------------>8 
>  
> > I would like it if someone would explain my misunderstanding of why 
> > 'sudo' is considered
> > good / better / safer than a root account?
> > 
> > Craig
> > 
> Another thing to consider :
> 
> If you have no root account - you minimise the risk of an outsider gaining access to and control of 
> of your box - intruders need to gain access as a user first - this makes their task more difficult.
> 
> They first need to crack a 'username' and then they have to crack the username 'password', and then 
> sudo to get root access (subject to any restrictions on sudo).
> 
> With a 'root' account they only have to crack the 'password' and they own your box.
> 
> HTH
> 
> Regards Arie
> ------------------------------------------------------------------
>  For the concert of life, nobody has a program.
> ------------------------------------------------------------------
> 
> 
-- 
William Kenworthy <billk at iinet.net.au>
Home!