From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1OieWT-0004nX-BK for garchives@archives.gentoo.org; Tue, 10 Aug 2010 02:25:01 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id D2D8EE0BA9; Tue, 10 Aug 2010 02:24:41 +0000 (UTC) Received: from mail.internode.on.net (bld-mail15.adl6.internode.on.net [150.101.137.100]) by pigeon.gentoo.org (Postfix) with ESMTP id 77F7CE0BA9 for ; Tue, 10 Aug 2010 02:24:40 +0000 (UTC) Received: from staff-248-28.wireless.adelaide.edu.au (unverified [129.127.248.28]) by mail.internode.on.net (SurgeMail 3.8f2) with ESMTP id 23033322-1927428 for multiple; Tue, 10 Aug 2010 11:54:34 +0930 (CST) Content-Type: text/plain; charset=utf-8 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 (Apple Message framework v1081) Subject: Re: [gentoo-user] Rooted/compromised Gentoo, seeking advice From: Indexer In-Reply-To: <201008100414.45253.Warp_7@gmx.de> Date: Tue, 10 Aug 2010 11:54:29 +0930 Content-Transfer-Encoding: quoted-printable Message-Id: <563F1925-C3EB-4A57-9362-9E9ABEBB8A9A@internode.on.net> References: <201008092009.38665.michaelkintzios@gmail.com> <201008100414.45253.Warp_7@gmx.de> To: gentoo-user@lists.gentoo.org, Frank Steinmetzger X-Pgp-Agent: GPGMail 1.2.3 X-Mailer: Apple Mail (2.1081) X-Archives-Salt: 5d2e7ded-c9b5-4624-8cc9-cbe23d6682a9 X-Archives-Hash: 2b0b93c17dff0f2e2a69e1b0ea5fc235 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/08/2010, at 11:44 AM, Frank Steinmetzger wrote: > Am Dienstag, 10. August 2010 schrieb Paul Hartman: >=20 >> Typing that long password into sudo every time I ran a command was a >> hassle >=20 > I=E2=80=99ve never used sudo, and never really liked the idea of it. = In fact I=E2=80=99m=20 > always amused and slightly annoyed by the sheer amount of sudo one can = find in=20 > your typical ubuntu howto. ;-) >=20 > It=E2=80=99s one reason why I abstained from installing Truecrypt 6, = because it=20 > requires sudo (Yes I know, in default setup you can=E2=80=99t do much = with it. It is=20 > but an issue of principle). However, because I need root commands = regularly=20 > (for example to initiate the VPN to my uni=E2=80=99s WiFi), I usually = have one tab in=20 > Yakuake where I do a normal su once after login. >=20 > And for more safety on my part, I also use different prompts: red = hostname for=20 > root console, green user@hostname for nonroot. > --=20 > Gru=C3=9F | Greetings | Qapla' > What=E2=80=99s right is right, otherwise it=E2=80=99d be wrong. I hope you realise the use of "sudo -i" will give you a root shell just = like su. The reason sudo is preferred is that it means between multiple = administrators, you can eliminate the need for a shared password. sudo = can also control who and what groups can access sudo, and even subsets = of commands. sudo also has a "grace timer" in which once you prove your identity with = your password once, you can use sudo without a password for a period of = time after that. This can also be canceled with sudo -k In terms of system administration best practices, sudo is the way to go. = You will see it used in all server administration tasks to escalate = privileges, in a secure manner. William Brown pgp.mit.edu -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iQIcBAEBAgAGBQJMYLhgAAoJEHF16AnLoz6JhJ8QAL5SO5DRmcQ3wXLdtMZooACu WT4qyfKBnfMqakLJlSWYOH6tuIoK/mVYpeCpQmjpTuKaE90tnLnngCOVnG7puyqG LkPBNew3iOsO0JJcNzCcMiwWQ1C7d2hkSyNl48FVwBwaVgbPmWL6flPLxwHxdbU1 O2Kke8ku2dAVRTg9NdnPnTcc7y1h2/VYLwqSY10ybHS4I6a7YuhEIeGZtCqfEZ6d 0WkbUaU2IJFEVskR2pRV3Oh8FOgjW1XpYPzGrzQgpByghVgDxalFpC89g3xVw2ue bbRZNcn6NfZnfS/ltsCLr0mzSkV9xUXtYJkSQWN2jZbXM5rr+5gQXk1CqYLeDkjS 4HFST6bFfUUl7KMlo/mfH7PSD3Coa1J/DwcZFM9xkMx/sTy/TDsQhG1Qgb5jSn4u /TVYRwkvNj/KXBolDPcEQkZ6h35R8h9gGFRaW9u1+O2YyLC8uOyFUhd0iHNo0+s0 r4Q0wiwnY7I5CI2ZQ5h2blbYzqyvgSa43rYp3rho9cp4LktDKO2qfoIW/CV/0Q6r NmWcuzaU17QTAQn8VL2SUfG0zqXgCI4NlQcU8iNnYFRGUTvdx4crjzrgIqYm2rc+ PbpFuLl4Uz000hsQYXWfy9hwIMbxilT4F9AOpKmyU392GZ/22WUvoMk2uhzt8aCf w44gvZvW1e44buFM2L/z =3DAR4J -----END PGP SIGNATURE-----