[GRLUG] Distro's - was GRLUG test comment

adderd at kkmfg.com
Thu May 4 18:57:04 EDT 2006


I think my biggest point is that the utility of sudo instead of su is
fairly small. If the user can sudo and do anything they want as root then
they practically might as well be root. The only change between sudo and
su (in Ubuntu's case) is that you don't have a separate password for root,
instead you use your own. Oh, and with sudo you are running one command at
a time as root so that you can get a password prompt every time.

On a completely unrelated note, as far as protection from rm -rf goes,
Linux, or any other OS for that matter, could create a file system layout
such that freespace is used starting with completely free space and then
going down the list of deleted data from oldest to newest. That way you
could 'undo' a delete unless it's been a long time or you recently filled
up the drive. I'm just speaking off the cuff... It would probably cause
terrible FS performance. But something along those lines is LONG overdue.
In EXT3 files are gone gone gone once you delete them because the
journaling FS forces the inode data to zero. That really, really bites
(and, yes, I have done a delete I didn't mean to. Thank God for backups!)
A much more user and/or mistake friendly FS would really be a great thing.
In actuality, EXT3 is one of the LEAST friendly. In EXT2 or NTFS you can
usually still get your stuff back if you realize your mistake right away.

>
> Since presumably, someone who is installing an operating system - thus
> wiping out everything previously on that system - is a knowledgeable
> person, why should they not get sudo rights?  Especially considering
> that same person would be the one setting the root password anyway.
>
> As for typing rm -rf, Ubuntu will not prompt for a password in that
> situation.  You're stuck with your regular user permissions.  If a
> system can be invented to protect a user's data from the user himself
> I think someone would be a millionaire.
>
>

Yes, but all I am saying is that I do not believe that using sudo instead
of su really gives that much protection. A user can still mess their
machine up. Let's take a poll of the number of users that would enter
their password when asked even if they have no damn idea what they are
doing or why that screen popped up. And the user's account could still be
compromised. Usually root passwords are given a little more... care...
when being set. I've seen some really, REALLY bad passwords come out of
average users. And so, my point is not that su is superior to sudo,
because it is not. My point is that the Ubuntu application of sudo is not
really that much better than just going ahead and setting a root password
and using su.


> You're still not quite getting it...  when you run a command through
> sudo, you _are_ root as far as that command understands.  And sudo
> performs sufficient security checks for that to be OK.
>
> As far as destruction in the hands of a novice goes, see the previous
> comment about a user and his data.
>



