The big thing for me about Ubuntu, etc... is not the fact they use sudo a lot, it is that by default they do not allow root login at all. If the /home partition has problems, you must login as a user, then sudo to root, then attempt to dismount /home and work on it, which will not work since /home has files open (since you logged in as a user with a home directory in /home). So, I have to boot off some other media to do repair work on /home (or fix the login)
sudo vs su is an interesting decision to make, but not allowing root login is a matter of too much security to get your job done. Rod On 05/22/2016 02:34 AM, Lars Noodén wrote: > On 05/22/2016 12:38 AM, Paweł Cholewiński wrote: >> Read this >> http://unix.stackexchange.com/questions/35338/su-vs-sudo-s-vs-sudo-i-vs-sudo-bash >> >> >> Paweł > > That's a good comparison with sound analysis but looks like it tries to > use sudo just as if it were su. They are very different tools with very > different use-cases. > > There are two main advantages of sudo which almost never get mentioned > as too many systems *cough*ubuntu*cough*mint*cough* are set up to allow > 'sudo -i' by default: One advantage of sudo is that control can be > granted in a highly granular way. Specific programs with only specific > options can be made available to specific users. Another advantage is > an all but unknown auditing system which shows which account did or > tried what and exactly when. See 'sudoreplay' for that. > > As far as default settings go, instead of defaulting to > > %sudo ALL=(ALL:ALL) ALL > > I'd raise the bar, with a default sudoers something like this: > > %sudo ALL=(ALL) /usr/bin/apt-get update, \ > /usr/bin/apt-get install [A-Za-z0-9][A-Za-z0-9-]*, \ > /usr/bin/apt-get remove [A-Za-z0-9][A-Za-z0-9-]*, \ > /usr/bin/apt-get autoremove, /usr/sbin/visudo "" > > Maybe in a future version of Devuan, some changes to sudoers can be > considered. > > Michael W Lucas has had very useful presentations on sudo: > > > https://www.bsdcan.org/2014/schedule/attachments/283_2014-04-29%20sudo%20tutorial%20-%20bsdcan%202014.pdf > > https://www.youtube.com/watch?v=o0purspHg-o > > but his book 'Sudo Mastery' is even more useful. IMHO it's not that > sudo is any harder than most other utilities, it's just that common > misuse has gotten the herd heading off in the wrong direction. > > regards, > /Lars > _______________________________________________ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > -- Rod Rodolico Daily Data, Inc. POB 140465 Dallas TX 75214-0465 214.827.2170 http://www.dailydata.net _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng