On Mon, 24 Feb 2020 14:33:25 +0100 Tito via Dng <dng@lists.dyne.org> wrote:
> and only for known "safe" commands. For everything else, it'd be much > better to just log in on a tty as root. Same goes for su. > > for sudo only if set > > user ALL=(ALL:ALL) ALL > > or if the user is added to the sudo group > > # Allow members of group sudo to execute any command > %sudo ALL=(ALL:ALL) ALL > > if used for single commands it should not be a problem > unless you allow to open a root xterm.... > To replace su or sudo binary you need root so at this point > the system is already compromised. > The use with no password solves one problem but creates others > like everybody being able to wreck the system with synaptic > or gparted as soon as they find an unattended desktop. > Don't want my mom to use synaptic......just mail and browser. just so you know, it's more traditional and portable to allow the wheel group to sudo, not have a separate sudo group. https://en.wikipedia.org/wiki/Wheel_%28computing%29 %wheel ALL=(ALL:ALL) ALL -- ____________________________________ / Hello... IRON CURTAIN? Send over a \ | SAUSAGE PIZZA! World War III? No | \ thanks! / ------------------------------------ \ \ /\ /\ //\\_//\\ ____ \_ _/ / / / * * \ /^^^] \_\O/_/ [ ] / \_ [ / \ \_ / / [ [ / \/ _/ _[ [ \ /_/ _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
