On Sun, 30 Aug 2020 15:46:58 -0700 "William Morder via trinity-users" <trinity-users@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote: > > > On Sunday 30 August 2020 11:19:03 Slávek Banko wrote: > > On Saturday 29 of August 2020 13:11:01 William Morder via trinity-users > > > Sorry to take so long to respond. I was AFK and lost in the physical world, > and dealing with the problems of living in meatspace. > > > wrote: > > > Okay, so I solved part of the sudoers list / root password problem. > > > Turns out that I had not downloaded quite all the sudo packages, > > > particularly some of the tde-trinity packages, or kde-trinity transition > > > packages, or something in that lot. > > > > If you do not set a root password and use sudo, then the tdesudo-trinity > > package is appropriate to ensure that all tdesu calls are actually tdesudo > > => instead of su and root passwords will use sudo and the user's password. > > > > The mysterious E (for Enigmatic) raised the issue of su against sudo; and I've > also heard Nik mention that su is better for the single home user, which is > myself. Until now, sudo + tdesudo has always done the trick for me, but if it > is less secure, and my system will work, then at least I ought to make myself > aware of the distinctions. I've tried out su, but so far I don't see any > benefit, and only hear about the perils of sudo. > > It is possible that I can change my habits, so I will look into su. But if > anybody can explain why su or why *not* sudo, I would be grateful, as the > technical descriptions I can find online, or in my Linux guides, do not guide > me toward any decisive points, and I see no reason to change what works. > However, I will suppose that E knows something that I don't on this point, so > I am considering how to implement such a change in my working habits. It isn't really all that complex. There are two reasons (well, three, really, but the third is distro-specific) why none of my systems have sudo installed: First of all, su is the older default piece of software that is installed on every Linux system. sudo is an add-on. Every extra piece of software you have installed increases the complexity of your system and the number of bugs you have sloshing around. All other things being equal, not installing software you don't need reduces your system's attack surface. (You'll run into a lot of Gentoo users who think this is important.) Having fewer layers in the way can also make problems easier to troubleshoot. Secondly, most mainstream distros configure sudo to use user passwords, and *don't* place any other restrictions on what user accounts can do through sudo. This means that an attacker only has to break one password—the one on your user account—to obtain full root access. On an su-only system, the attacker has to break *two* passwords—your user's, and root's. It isn't a *lot* of added security, but every little bit helps. It's the usual security vs. inconvenience tradeoff, and in this case, I admit the stakes are pretty small. My distro puts its thumb on the scales by requiring me to install sudo explicitly rather than having it present by default—less work to leave it off if there's no compelling argument for having it. I admit that I usually leave a Konsole window that's su'ed to root lying around permanently, rather than su'ing every time I need to enter a command, but no one else with physical access to my computers has any idea of how to use a Linux system, so I'm not very worried. Your situation may be different there. E. Liddell --------------------------------------------------------------------- To unsubscribe, e-mail: trinity-users-unsubscribe@xxxxxxxxxxxxxxxxxxxxxxxxxx For additional commands, e-mail: trinity-users-help@xxxxxxxxxxxxxxxxxxxxxxxxxx Read list messages on the web archive: http://trinity-users.pearsoncomputing.net/ Please remember not to top-post: http://trinity.pearsoncomputing.net/mailing_lists/#top-posting
