[ale] bash commands

Richard Bronosky richardbronosky at gmail.com
Tue May 22 08:36:42 EDT 2012


I agree with you buddy. There are 2 ways to use root privileges. If you need
to run 1 command as root, then "sudo command". If you need to become root
to do many commands, then "sudo su -". Everything else, root password
sharing, sudo -i, etc., is rubbish. If you are scripting a process that
must run root commands on remote servers, then maybe it gets tricky. But
for 98% of what an admin needs you only need those 2 things.

Oh, and about GUI... You can buy an ointment that will clear that up in a
few weeks, but I prefer to stay away entirely.

On May 21, 2012 2:43 AM, "Brian Mathis" <brian.mathis+ale at betteradmin.com>
wrote:

> There is an ENORMOUS difference between using "su" and "sudo -i", and
> it's big enough that any old codgers out there should learn this new
> trick:
>
>    To use 'su' you need the ROOT password.
>    To use 'sudo', you need YOUR password.
>
> In any environment outside of your personal desktop, this is a huge
> difference.  Securely distributing the root password to any number of
> sysadmins, keeping track of who has it, and changing it every time
> someone leaves (and redistributing the changed password) is a
> nightmare, and it also violates most accepted rules of good security
> (using shared passwords).
>
> If you grant root access through sudo, even if admins use 'sudo -i',
> you only need to manage the sudoers file and you can forget about the
> root password issue.  You still need to keep track of the root
> password, but now you can set it to some long random string and keep
> it locked in a safe somewhere.  You also get an audit trail of who's
> logging in and switching to root, even if you don't get a full audit
> of every command they run.
>
>
> ❧ Brian Mathis
>
>
> On Sun, May 20, 2012 at 9:30 PM, matt <ur.matt at gmail.com> wrote:
> > Why not just log in as root and stomp around if you're going to use
> > sudo -i?
> >
> > On Sun, May 20, 2012 at 6:27 PM, matt <ur.matt at gmail.com> wrote:
> >> sudo -i is definitely bad practice, it completely negates the purpose of
> >> using sudo in the first place.
> >>
> >> On Sun, May 20, 2012 at 6:19 PM, Brian Stanaland <brian at stanaland.org>
> >> wrote:
> >>> I use 'sudo su -' which gets you the complete root experience.
> >>>
> >>> -- Brian
> >>>
> >>> On Sun, May 20, 2012 at 9:10 PM, Mike Harrison <cluon at geeklabs.com>
> >>> wrote:
> >>>>
> >>>> On Sun, 20 May 2012, Jim Lynch wrote:
> >>>> > If that's current thinking, then it's changed.  I've been
> >>>> > administrating Unix systems for about 25 years.  Sudo didn't exist
> >>>> > and you needed to su in order to do admin tasks.  It was accepted
> >>>> > and expected.  You couldn't install SunOS, HPUX, UNICOS or Irix
> >>>> > without it.  I'm afraid this old dog isn't learning new tricks, I
> >>>> > use sudo -s or sudo -i on a regular basis when I don't have su
> >>>> > enabled.
> >>>>
> >>>> I use sudo -s on my desktop when I need to do root things. Saves a lot
> >>>> of time and typing over "sudo foo" for every command. On a desktop,
> >>>> normal user system.. it seems to be the "right way". Be a user for
> >>>> user things, become almost root for doing admin stuff on my box.
> >>>>
> >>>> On a server.. there is only root for most sysadmin tasks. I've only
> >>>> been running Linux since 94.. but have also worked on DG Nova's, SCO
> >>>> unix, Slowlaris, etc.. but it seems to be the right way to admin a
> >>>> server.
> >>>> If you can't handle SSHing in/logging in as root..  you should not be.
> >> --
> >> Matt Urbanski | iflowfor8hours.info | @iflowfor8hours
> > --
> > Matt Urbanski | iflowfor8hours.info | @iflowfor8hours
>
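Added example, not part of the original thread: a small Python audit of sudo's syslog entries showing the trail the quoted message describes, where single commands are recorded in full but `sudo su -`, `sudo -i` and `sudo -s` leave only the shell launch, attributed to the invoking user. The log lines, hostnames and usernames are constructed, and the shell detection is a heuristic assumption.

```python
import os.path
import re

# Constructed sample in the syslog format sudo uses (not from the thread).
SAMPLE_LOG = """\
May 21 09:02:11 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/service nginx reload
May 21 09:05:40 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/su -
May 21 09:07:03 web01 sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/bash
May 21 09:09:55 web01 sudo:    alice : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/bin/bash -c id
May 21 09:12:30 web01 sshd[812]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
"""

SUDO_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sudo(?:\[\d+\])?:\s+"
    r"(?P<user>\S+) : .*?USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$"
)
SHELLS = {"sh", "bash", "zsh", "ksh", "csh", "tcsh", "dash"}


def is_interactive_shell(cmd):
    """Heuristic: a bare shell, or su without -c, hands over a root prompt."""
    prog, *args = cmd.split()
    name = os.path.basename(prog)
    if name == "su":
        return "-c" not in args and "--command" not in args
    if name in SHELLS:
        # Only option flags and no -c means nothing specific was run.
        return "-c" not in args and all(a.startswith("-") for a in args)
    return False


def audit(log_text):
    """Map each invoking user to audited commands and root-shell entries."""
    report = {}
    for line in log_text.splitlines():
        m = SUDO_LINE.match(line)
        if not m or m["target"] != "root":
            continue  # not a sudo-to-root record
        entry = report.setdefault(m["user"], {"commands": [], "shells": []})
        kind = "shells" if is_interactive_shell(m["cmd"]) else "commands"
        entry[kind].append((m["ts"], m["cmd"]))
    return report


if __name__ == "__main__":
    for user, entry in audit(SAMPLE_LOG).items():
        for ts, cmd in entry["shells"]:
            print(f"{ts} {user} opened a root shell ({cmd}); later commands not logged")
        for ts, cmd in entry["commands"]:
            print(f"{ts} {user} ran as root: {cmd}")
```
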