Tommy Reynolds wrote:
Uttered Karsten Wade <kwade@xxxxxxxxxx>, spake thus:
You lose a layer of security auditing, but make the user's life much
easier. Then we can teach either the 'su -' or 'su -c "/bin/bash"'
methods.
With respect: bosh. Root login is the ultimate evil. On a multiuser
system you can't tell which root did what.
But sudo is important on a single-user system because:
1) "su -c" can introduct some fancy shell quoting requirements.
Don't peek and tell me where the 'su -c "mkdir ${HOME}/foo"'
command makes a directory. Not novice-friendly.
2) there is no record of what was done by the "su -c" command and
this makes error recovery more difficult. I know what I *meant*
to type, but what did I *actually* type?
3) Easier to learn the correct habit than unlearn a bad one later.
A single paragraph / appendix what boils down to:
# echo "${USER} ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
doesn't seem too onerous.
Cheers
All your concerns are based on the fact every user of a multiuser
Linux has the root password. This is only the case when there is just
one user. So a plain user can try su c but it will not work.
Karl
--
Karl F. Larsen, AKA K5DI
Linux User
#450462 http://counter.li.org.
PGP 4208 4D6E 595F 22B9 FF1C ECB6 4A3C 2C54 FE23 53A7
--
fedora-docs-list mailing list
fedora-docs-list@xxxxxxxxxx
To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-docs-list
