On Sun, 5 Aug 2007, Matthew Wild wrote:
> On 8/5/07, Chris Rowson <[EMAIL PROTECTED]> wrote:
> > On Sun, 5 Aug 2007, Paul Sladen wrote:
> > > sudo grep '[s]udo' /var/log/auth.log
> > Well, if you're computer still works eh ;-)
> How do you get around sudo -i or sudo bash?
The best solution is to not use "sudo su/sudo -i/sudo -s/sudo bash"...
Using 'sudo' proactively is social issue---eg. "please, please use sudo for
everyone's continued sanity". Social issues are _not_ best solved by
technical means; if somebody really wants to exercise their power, they can
use "(recovery mode)", insert a LiveCD, or remove the hard-drive entirely.
You can do the following in '/etc/sudoers':
%admin ALL=(ALL) ALL, !/bin/su, !/bin/bash
and I do have the above config on machines, but the line is only there as a
reminder to everyone that 'sudo' should be used one-command-at-a-time.
Life is not about getting *around* sudo, life is about using sudo to your
advantage; even when I do end up at a root prompt, I still do a 'sudo'
before each priviliged command I run and also leave little debugging
comments like "sudo echo 'about to try to delete xyz from the passwd db'".
-Paul
--
Why do one side of a triangle when you can do all three. Helsinki, FI
--
ubuntu-uk@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
https://wiki.kubuntu.org/UKTeam/
