On Tue, 2 Apr 2013 12:43:56 -0600 Bob Proulx <b...@proulx.com> wrote:
> (Use 'visudo -f /etc/sudoers.d/local-foo' explicitly.) But > it makes upgrades easier so I do it this way. What is so difficult about that and sudoers could be for users and sudoers.d for dev changes. You could even only warn upon uncommented entries. Compare kdmrc with lightdm.conf. The mergers really should be cleverer too. It is not difficult to check the part that you are changing has not changed. Which is easier between kdmrc and lightdm.conf before the removal of commented entries and which has the most forum posts asking about examples, it is lightdm.conf. Ok so kdmrc seperating out into a seperate file like sudoers.d would be better with no merging by the system as long as you don't end up with lots of files rather than 2 like file-rc (I prefer) compared to the symlink mess. Or even worse sudo with polkit which expects users to allow default generalities and encourages them to copy and paste as root and use a browser even on servers. I have to say I am surprised there are so many threads saying polkit is superior without justification when it is clearly inferior to sudo and simply duplicates security consideration and gives 20x the auditing work. I did leave one useful tip out too. Default:username timestamp_timeout=0 will make sudo ask for the password for that particular user everytime and I believe can be used on the fly. There is no necessity to use just one user for admin. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130402211536.53efd...@kc-sys.chadwicks.me.uk
