Le 22/05/2016 12:22, Fernando M. Maresca a écrit :
On Sun, May 22, 2016 at 11:08:47AM +0100, KatolaZ wrote:
My solution has always been to keep users and root *separate*,
avoiding sudo altogether, and to ask myself to wear an appropriate
"magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" (that
I keep on my desk) whenever a part of myself has to become root and
perform a configuration task. I know that whenever I am wearing the
"magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" I
have to put extra care on whatever I do, since a mistake could cause
the regular users of my system (including the other part of myself) to
suffer unnecessary pain and disruption.
No automagic tool can save you from your own stupidity. You need a
system administrator to manage your linux box, and investing a bit of
time in training a part of yourself for that task, and 2$ in buying a
"magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" is
really worth the effort, and the price :)
very +1
and keep in mind: real men do everything as root and don't make
backups :)
I think sudo main advantage is to grant certain administrative
privileges to junior sysadmin or regular users, without to reveal the
root password.
I use both.
On hosts with many users and subsystems, I give permissions to
others to act as (eg) mysql-admin, web-admin, elog-admin, or just
halt/reboot. I can't do/know everything and must give priviledges to
others. sudo is fitted for that.
On my laptop I use su because I'm too lazy to configure sudo, but
I'm sure I would save time by allowing myself to run ifupdown without
password.
Didier
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
