Date: Thu, 05 Apr 2007 18:54:06 -0700 From: Garrett Cooper <youshi10@u.washington.edu> To: freebsd-questions@freebsd.org Subject: Re: Should sudo be used? Message-ID: <4615A83E.9040803@u.washington.edu> In-Reply-To: <14989d6e0704050201s6be99be8m62aa6822299e0e6a@mail.gmail.com> References: <7d4f41f50704050142v9c73a17tb1812f218ea4416@mail.gmail.com> <8d23ec860704050147r7b7daef2k432bb20a27ae8098@mail.gmail.com> <e572718c0704050151h5f4a1b5el3359b21936d78b4a@mail.gmail.com> <8d23ec860704050154j7d0cfed5n631611f4afe32006@mail.gmail.com> <14989d6e0704050201s6be99be8m62aa6822299e0e6a@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Christian Walther wrote: > On 05/04/07, Schiz0 <schiz0phrenic21@gmail.com> wrote: > [Moved answer to the bottom -- please don't use top post] >> >> On 4/5/07, Pietro Cerutti <pietro.cerutti@gmail.com> wrote: >> > >> > On 4/5/07, Schiz0 <schiz0phrenic21@gmail.com> wrote: >> > > I don't use sudo. I find it rather pointless. If I need to do >> something >> > as >> > > root, I use su to gain root privileges, then when I'm done, I exit >> and >> > > return to the original user. The user running su must be in the group >> > > "wheel" to be able to su to root. This is a simple yet convenient >> > security >> > > system. >> > >> > What when you have several people with different privileges wanting to >> > do stuff that normally only root can? Would you give your root >> > password to everyone, or rather install sudo and define exactly what a >> > user can do? >> > >> True, if that was the case I'd use sudo. But I'm the only user on my >> systems >> that I'd trust with root access, so there's no point with my setup. > > Well, sudo makes execution of several commands or script as another > user quite simple because there's no need to enter the root password. > For example I've three Access Points at home, but my machine can't > connect to the "nearest" one automatically. So I need to issue > "ifconfig ath0 scan" as root. Since I'm not root all the time, I > defined an alias that executes the command using sudo. It's just one > word, and I'm set. > > My girlfriend is using my old Laptop know, and I installed FreeBSD on > it, too. So she needs the command, too. Since she isn't used to the > Console I defined a new program/button in KDE she can press. > > So you see, there are reasons to use sudo even if you're the only user > on a system. But as anywhere else in the Unix world, there are several > different ways of how to perform a certain task, and the way one > chooses is up to him/her. One thing I find that hasn't really been mentioned is that: a) sudo can run programs under different user credentials that aren't possible with non-wheel users. For instance if I had a binary, and I told someone "hey, use sudo for this" and added them and the binary / command to a script, everyone with access as specified via the sudo file could run it. b) sudo can run commands directly instead of having to type in su, and then run the command from the su'ed shell. Unless you're trying to get root access and fall under point b., and this is your own personal machine, there's basically no use in using sudo. Besides, one less binary on your machine with those sorts of privileges offers less methods of attacking your machine in order to get elevated privileges. -Garrett
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4615A83E.9040803>