> On 13 Aug 2019, at 9:03 am, Christopher Jones <[email protected]> > wrote: > > > >> On 12 Aug 2019, at 9:40 pm, Gerben Wierda <[email protected] >> <mailto:[email protected]>> wrote: >> >> As I’m working my way to somewhat knowing what I’m doing, I have a question. >> >> I always set the timeout on sudo on my systems to 0 seconds. So, for every >> sudo command I enter, I have to type the password. This is somewhat safer >> than having a timeout (normally 300sec). > > What I do is allow ${prefix}/bin/port to run through sudo without requiring a > password. you can do this by adding > > chris ALL=(ALL) NOPASSWD: /opt/local/bin/port
should have added here the above is added via ‘visudo' Chris > > this in my opinion has two advantages > > 1. I never have to type my passport for running port > 2. Because of 1., sudo never fully authenticates, so if I was to run another > command through sudo immediately after port, that command will ask for my > password. > > In my view, the above is more convenient, and also safer against my > accidental bad usage of sudo. > > Chris > >> >> This becomes tedious when there are many sudo commands to perform, so in >> that case, I often revert to running sudo -s or sudo -i, do my work as root >> and kill the subshell. This has risks too (e.g. doing a wrong rm command, >> but I’m pretty paranoiac about stuff like rm) >> >> For my first steps with macports, I’ve run everything as root that way, >> because I expected there would be changes in /Library/LaunchDaemons etc and >> I did not want toe be typing my password all the time. >> >> But I’m wondering if I should move back to running everything as ordinary >> user. >> >> Are there disadvantages to running to port commands as root? >> >> If I want to revert, what should I chown to that user? How should ownership >> in /opt be? >> >> Gerben Wierda >> Chess and the Art of Enterprise Architecture <http://enterprisechess.com/> >> Mastering ArchiMate <http://masteringarchimate.com/> >> Architecture for Real Enterprises >> <https://www.infoworld.com/blog/architecture-for-real-enterprises/> at >> InfoWorld >> On Slippery Ice <https://eapj.org/on-slippery-ice/> at EAPJ >> >
smime.p7s
Description: S/MIME cryptographic signature
