to...@tuxteam.de wrote:
> On Sat, Jul 30, 2022 at 02:07:58PM -0400, Greg Wooledge wrote:
> > On Sat, Jul 30, 2022 at 02:02:21PM -0400, Timothy M Butterworth wrote:
> > > Logging in as root has become taboo. Sudo is the prefered mechanism for
> > > running administrator functions. I have root set to nologin with a null
> > > password to force sudo usage.
> >
> > This makes entering single-user mode ("rescue mode") impossible.
>
> Agreed. There are ways around that, but logging in as root while
> physically present is a quite honourable thing to do.
>
> Some swing this way, others the other way. Use the tool which suits
> you. Know its limitations.
>
> FWIW, not long ago sudo had a vulnerability. It is just much more
> complex, and complexity is an enemy of security (I say that as a
> fan of sudo and as a regular user).
The OpenBSD folk created "doas", which is packaged in Bullseye.
Description: minimal replacement for sudo
OpenDoas: a portable version of OpenBSD's doas command
doas is a minimal replacement for the venerable sudo. It was
initially written by Ted Unangst of the OpenBSD project to provide 95% of the
features of sudo with a fraction of the codebase.
I haven't used it, but I suspect it is excellent for
single-sysadmin machines.
-dsr-
