From: Indexer <indexer@internode.on.net>
To: gentoo-user@lists.gentoo.org, Frank Steinmetzger <Warp_7@gmx.de>
Subject: Re: [gentoo-user] Rooted/compromised Gentoo, seeking advice
Date: Tue, 10 Aug 2010 11:54:29 +0930 [thread overview]
Message-ID: <563F1925-C3EB-4A57-9362-9E9ABEBB8A9A@internode.on.net> (raw)
In-Reply-To: <201008100414.45253.Warp_7@gmx.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/08/2010, at 11:44 AM, Frank Steinmetzger wrote:
> Am Dienstag, 10. August 2010 schrieb Paul Hartman:
>
>> Typing that long password into sudo every time I ran a command was a
>> hassle
>
> I’ve never used sudo, and never really liked the idea of it. In fact I’m
> always amused and slightly annoyed by the sheer amount of sudo one can find in
> your typical ubuntu howto. ;-)
>
> It’s one reason why I abstained from installing Truecrypt 6, because it
> requires sudo (Yes I know, in default setup you can’t do much with it. It is
> but an issue of principle). However, because I need root commands regularly
> (for example to initiate the VPN to my uni’s WiFi), I usually have one tab in
> Yakuake where I do a normal su once after login.
>
> And for more safety on my part, I also use different prompts: red hostname for
> root console, green user@hostname for nonroot.
> --
> Gruß | Greetings | Qapla'
> What’s right is right, otherwise it’d be wrong.
I hope you realise the use of "sudo -i" will give you a root shell just like su. The reason sudo is preferred is that it means between multiple administrators, you can eliminate the need for a shared password. sudo can also control who and what groups can access sudo, and even subsets of commands.
sudo also has a "grace timer" in which once you prove your identity with your password once, you can use sudo without a password for a period of time after that. This can also be canceled with sudo -k
In terms of system administration best practices, sudo is the way to go. You will see it used in all server administration tasks to escalate privileges, in a secure manner.
William Brown
pgp.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
iQIcBAEBAgAGBQJMYLhgAAoJEHF16AnLoz6JhJ8QAL5SO5DRmcQ3wXLdtMZooACu
WT4qyfKBnfMqakLJlSWYOH6tuIoK/mVYpeCpQmjpTuKaE90tnLnngCOVnG7puyqG
LkPBNew3iOsO0JJcNzCcMiwWQ1C7d2hkSyNl48FVwBwaVgbPmWL6flPLxwHxdbU1
O2Kke8ku2dAVRTg9NdnPnTcc7y1h2/VYLwqSY10ybHS4I6a7YuhEIeGZtCqfEZ6d
0WkbUaU2IJFEVskR2pRV3Oh8FOgjW1XpYPzGrzQgpByghVgDxalFpC89g3xVw2ue
bbRZNcn6NfZnfS/ltsCLr0mzSkV9xUXtYJkSQWN2jZbXM5rr+5gQXk1CqYLeDkjS
4HFST6bFfUUl7KMlo/mfH7PSD3Coa1J/DwcZFM9xkMx/sTy/TDsQhG1Qgb5jSn4u
/TVYRwkvNj/KXBolDPcEQkZ6h35R8h9gGFRaW9u1+O2YyLC8uOyFUhd0iHNo0+s0
r4Q0wiwnY7I5CI2ZQ5h2blbYzqyvgSa43rYp3rho9cp4LktDKO2qfoIW/CV/0Q6r
NmWcuzaU17QTAQn8VL2SUfG0zqXgCI4NlQcU8iNnYFRGUTvdx4crjzrgIqYm2rc+
PbpFuLl4Uz000hsQYXWfy9hwIMbxilT4F9AOpKmyU392GZ/22WUvoMk2uhzt8aCf
w44gvZvW1e44buFM2L/z
=AR4J
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2010-08-10 2:25 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-08-09 16:25 [gentoo-user] Rooted/compromised Gentoo, seeking advice Paul Hartman
2010-08-09 16:48 ` Alan McKinnon
2010-08-09 18:48 ` Paul Hartman
2010-08-09 18:59 ` [gentoo-user] " 7v5w7go9ub0o
2010-08-09 19:08 ` Paul Hartman
2010-08-09 19:46 ` Mick
2010-08-10 13:50 ` Kyle Bader
2010-08-09 19:09 ` [gentoo-user] " Mick
2010-08-09 20:08 ` Robert Bridge
2010-08-09 20:20 ` Bill Longman
2010-08-10 0:30 ` Kevin O'Gorman
2010-08-10 1:18 ` William Hubbs
2010-08-10 6:42 ` Alan McKinnon
2010-08-10 13:03 ` Kevin O'Gorman
2010-08-10 18:50 ` Alan McKinnon
2010-08-10 19:22 ` Hazen Valliant-Saunders
2010-08-10 23:23 ` Peter Humphrey
2010-08-11 16:55 ` Stroller
2010-08-11 18:16 ` Dale
2010-08-11 20:30 ` Alan McKinnon
2010-08-11 22:11 ` [gentoo-user] Rooted/compromised Gentoo, seeking advice - AKA passwords Bill Longman
2010-08-11 23:09 ` Alan McKinnon
2010-08-12 4:30 ` Bill Longman
2010-08-12 13:01 ` [gentoo-user] Rooted/compromised Gentoo, seeking advice Stroller
2010-08-12 19:21 ` Alan McKinnon
2010-08-12 19:43 ` Peter Humphrey
2010-08-12 20:14 ` Alan McKinnon
2010-08-12 12:56 ` Stroller
2010-08-13 2:11 ` Dale
2010-08-11 16:58 ` Stroller
2010-08-11 20:26 ` Alan McKinnon
2010-08-09 20:25 ` Dale
2010-08-09 21:22 ` Mick
2010-08-09 22:19 ` Dale
2010-08-09 21:17 ` Philip Webb
2010-08-09 23:07 ` Paul Hartman
2010-08-10 2:14 ` Frank Steinmetzger
2010-08-10 2:24 ` Indexer [this message]
2010-08-11 1:05 ` Walter Dnes
2010-08-11 2:16 ` Dale
2010-08-11 4:36 ` Walter Dnes
2010-08-11 5:37 ` Dale
2010-08-10 2:30 ` Keith Dart
2010-08-10 3:06 ` Adam Carter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=563F1925-C3EB-4A57-9362-9E9ABEBB8A9A@internode.on.net \
--to=indexer@internode.on.net \
--cc=Warp_7@gmx.de \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox