On Fri, 11 Nov 2011 14:19:45 -0600
Dale <rdalek1...@gmail.com> wrote:

> ine is a single user machine both for me and my brother.  That said,
> if I did have other users on my machine, they wouldn't even be in the
> wheel group so sudo wouldn't happen either.  They would be able to do
> user things but nothing else.
> 
> That said, I know sudo fixes some problems and has its reason for 
> existing.  Me, its just like the init thingy, I haven't found a good 
> reason yet to have one so no need adding it.  That will likely change 
> shortly but hopefully not today.  I found a workaround on kubuntu
> tho. Just set the root password so you can login as root and carry
> on.  ;-) Even I have a gas pocket in my brain from time to time.  :-D
> 


Yeah, that's the way you do it.

I don't have sudo on my own machines for the same reason
(except the Ubuntu ones, I can't be bothered removing it) but at work
I'd be slaughtered by Risk if I didn't have it.

Without sudo the only way to let users do anything more than what
regular users can do is to give them the root password. Seeing as the
root password is randomly generated, forgotten, and kept in a sealed
envelope in a safe, that's not really an option. Sudo lets me
fine-grain control exactly what users can do, like let the web team
install and update sites, let team leaders update team crontabs, and
more. Plus everything is logged. If some chop deletes important files,
I want a timestamped record telling me who and when :-)

So in a corporate environment, sudo is an absolute necessity.

It's also very useful for personal machines,
especially newbies. Having to enter their password every time
encourages them to think about what they are running and treat root
privs with a little more respect. It doesn't always work out though - I
still have idiots on the above-mentioned multi-user machines who
blindly run "apt-get install gnome" on a SuSE host. At least they can't
argue when I call them on it (due to the magic feature called "logs")

-- 
Alan McKinnnon
alan.mckin...@gmail.com

Reply via email to