[ale] bash commands

Matthew simontek at gmail.com
Mon May 21 02:48:59 EDT 2012


I don't usually work in a desktop environment. Even though our project
is using kde, I still do everything from command line.

On 5/21/12, Brian Mathis <brian.mathis+ale at betteradmin.com> wrote:
> There is an ENORMOUS difference between using "su" and "sudo -i", and
> it's big enough that any old codgers out there should learn this new
> trick:
>
>     To use 'su' you need the ROOT password.
>     To use 'sudo', you need YOUR password.
>
> In any environment outside of your personal desktop, this is a huge
> difference.  Securely distributing the root password to any number of
> sysadmins, keeping track of who has it, and changing it every time
> someone leaves (and redistributing the changed password) is a
> nightmare, and it also violates most accepted rules of good security
> (using shared passwords).
>
> If you grant root access through sudo, even if admins use 'sudo -i',
> you only need to manage the sudoers file and you can forget about the
> root password issue.  You still need to keep track of the root
> password, but now you can set it to some long random string and keep
> it locked in a safe somewhere.  You also get an audit trail of who's
> logging in and switching to root, even if you don't get a full audit
> of every command they run.
>
>
> ❧ Brian Mathis
>
>
> On Sun, May 20, 2012 at 9:30 PM, matt <ur.matt at gmail.com> wrote:
>> Why not just log in as root and stomp around if you're going to use sudo
>> -i?
>>
>> On Sun, May 20, 2012 at 6:27 PM, matt <ur.matt at gmail.com> wrote:
>>> sudo -i is definitely bad practice, it completely negates the purpose of
>>> using sudo in the first place.
>>>
>>> On Sun, May 20, 2012 at 6:19 PM, Brian Stanaland <brian at stanaland.org>
>>> wrote:
>>>> I use 'sudo su -' which gets you the complete root experience.
>>>>
>>>> -- Brian
>>>>
>>>> On Sun, May 20, 2012 at 9:10 PM, Mike Harrison <cluon at geeklabs.com>
>>>> wrote:
>>>>>
>>>>> On Sun, 20 May 2012, Jim Lynch wrote:
>>>>> > If that's current thinking, then it's changed.  I've been
>>>>> > administrating
>>>>> > Unix systems for about 25 years.  Sudo didn't exist and you needed to
>>>>> > su
>>>>> > in order to do admin tasks.  It was accepted and expected.  You
>>>>> > couldn't
>>>>> > install SunOS, HPUX, UNICOS or Irix without it.  I'm afraid this old
>>>>> > dog
>>>>> > isn't learning new tricks, I use sudo -s or sudo -i on a regular
>>>>> > basis
>>>>> > when I don't have su enabled.
>>>>>
>>>>> I use sudo -s on my desktop when I need to do root things. Saves a lot
>>>>> of
>>>>> time and typing over "sudo foo" for every command. On a desktop, normal
>>>>> user system.. it seems to be the "right way". Be a user for user
>>>>> things,
>>>>> become almost root for doing admin stuff on my box.
>>>>>
>>>>> On a server.. there is only root for most sysadmin tasks. I've only
>>>>> been
>>>>> running Linux since 94.. but have also worked on DG Nova's, SCO unix,
>>>>> Slowlaris, etc.. but it seems to be the right way to admin a server.
>>>>> If you can't handle SSHing in/logging in as root..  you should not be.
>>> --
>>> Matt Urbanski | iflowfor8hours.info | @iflowfor8hours
>> --
>> Matt Urbanski | iflowfor8hours.info | @iflowfor8hours
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>

-- 
Sent from my mobile device

SimonTek
912-398-6704



More information about the Ale mailing list