On Sun, May 22, 2016 at 07:22:44AM -0300, Fernando M. Maresca wrote:
>
> On Sun, May 22, 2016 at 11:08:47AM +0100, KatolaZ wrote:
>
> > My solution has always been to keep users and root *separate*,
> > avoiding sudo altogether, and to ask myself to wear an appropriate
> > "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" (that
> > I keep on my desk) whenever a part of myself has to become root and
> > perform a configuration task. I know that whenever I am wearing the
> > "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" I
> > have to put extra care on whatever I do, since a mistake could cause
> > the regular users of my system (including the other part of myself) to
> > suffer unnecessary pain and disruption.
> >
> > No automagic tool can save you from your own stupidity. You need a
> > system administrator to manage your linux box, and investing a bit of
> > time in training a part of yourself for that task, and 2$ in buying a
> > "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" is
> > really worth the effort, and the price :)
>
> very +1
>
>
> and keep in mind: real men do everything as root and don't make
> backups :)
>
> I think sudo's main advantage is to grant certain administrative
> privileges to junior sysadmins or regular users, without revealing the
> root password.
>
sudo is undeniably handy when administration is shared among several admins, but in those cases it should be used with extreme care. I know of real situations when one of the sudoers was allowed to edit /etc/sudoers, and left the machine unusable by other admins due to a syntax error in /etc/sudoers...

Again, tools are just tools, and can't be replacements for policy and knowledge. If one has to use something like sudo, I prefer the approach of simpler tools, in the same spirit of "sup" (https://git.devuan.org/jaromil/sup).

My2Cents

KatolaZ

-- 
[ Enzo Nicosia aka KatolaZ --- GLUG Catania -- Freaknet Medialab ]
[ me [at] katolaz.homeunix.net -- http://katolaz.homeunix.net -- ]
[ GNU/Linux User:#325780/ICQ UIN: #258332181/GPG key ID 0B5F062F ]
[ Fingerprint: 8E59 D6AA 445E FDB4 A153 3D5A 5F20 B3AE 0B5F 062F ]