to...@tuxteam.de wrote: > On Sat, Jul 30, 2022 at 02:07:58PM -0400, Greg Wooledge wrote: > > On Sat, Jul 30, 2022 at 02:02:21PM -0400, Timothy M Butterworth wrote: > > > Logging in as root has become taboo. Sudo is the prefered mechanism for > > > running administrator functions. I have root set to nologin with a null > > > password to force sudo usage. > > > > This makes entering single-user mode ("rescue mode") impossible. > > Agreed. There are ways around that, but logging in as root while > physically present is a quite honourable thing to do. > > Some swing this way, others the other way. Use the tool which suits > you. Know its limitations. > > FWIW, not long ago sudo had a vulnerability. It is just much more > complex, and complexity is an enemy of security (I say that as a > fan of sudo and as a regular user).
The OpenBSD folk created "doas", which is packaged in Bullseye. Description: minimal replacement for sudo OpenDoas: a portable version of OpenBSD's doas command doas is a minimal replacement for the venerable sudo. It was initially written by Ted Unangst of the OpenBSD project to provide 95% of the features of sudo with a fraction of the codebase. I haven't used it, but I suspect it is excellent for single-sysadmin machines. -dsr-