[GRLUG] Distro's - was GRLUG test comment
Tim Schmidt
timschmidt at gmail.com
Thu May 4 19:08:07 EDT 2006
On 5/4/06, adderd at kkmfg.com <adderd at kkmfg.com> wrote:
> I think my biggest point is that the utility of sudo instead of su is
> fairly small. If the user can sudo and do anything they want as root then
> they practically might as well be root. The only change between sudo and
> su (in Ubuntu's case) is that you don't have a separate password for root,
> instead you use your own. Oh, and with sudo you are running one command at
> a time as root so that you can get a password prompt every time.
*sigh* again, try 'sudo su'
And to clear up your point, if a user has sudo rights, it's the same
as if he knew the root password, but entirely different from running
all the time as root.
> On a completely unrelated note, as far as protection from rm -rf goes,
> linux, or any other OS for that matter, could create a file system layout
> such that freespace is used starting with completely free space and then
> going down the list of deleted data from oldest to newest. That way you
> could 'undo' a delete inless it's been a long time or you recently filled
> up the drive. I'm just speaking off the cuff... It would probably cause
> terrible FS performance. But something along those lines is LONG overdue.
> In EXT3 files are gone gone gone once you delete them because the
> journaling FS forces the inode data to zero. That really, really bites
> (and, yes, I have done a delete I didn't mean to. Thank God for backups!)
> A much more user and/or mistake friendly FS would really be a great thing.
> In actuality, EXT3 is one of the LEAST friendly. In EXT2 or NTFS you can
> usually still get your stuff back if you realize your mistake right away.
It's called version control and frequent backups.
> Yes, but all I am saying is that I do not believe that using sudo instead
> of su really gives that much protection. A user can still mess their
> machine up. Let's take a poll of the number of users that would enter
> their password when asked even if they have no damn idea what they are
> doing or why that screen popped up. And the user's account could still be
> compromised. Usually root passwords are given a little more... care...
> when being set. I've seen some really, REALLY bad passwords come out of
> average users. And so, my point is not that su is superior to sudo,
> because it is not. My point is that the Ubuntu application of sudo is not
> really that much better than just going ahead and setting a root password
> and using su.
sudo isn't there for protection. It's there for becoming root.
Regular users shouldn't have sudo rights just like regular users
shouldn't know the root password. Those things are for admins only.
--tim
More information about the grlug
mailing list