sudo or not sudo (that is the question)

Postby rodgoslin » Dec 16th, '15, 20:45

I'm hoping that someone can give me some background to the command sudo. My interest stems from my background in Unix (Solaris (SunOS), and PrimOS before that), where root privileges were a closely guarded thing, open to a very few. Mandrake, Mandriva and now Mageia, I like because it runs on the same lines. Other systems (Ubuntu, Debian) that I've dabbled with appalled me, at the concept of letting anyone and his dog mess with the OS. Lately, I've been playing with a Raspberry Pi, with the intention of trying out running my own mail server, and again, I've run into the sudo thing. I soon assigned a password for root and declined to use the sudo option. To my mind the sudo command is a gaping breach in the normal secure root admin system. Since I'm the only user on my systems, I'm consequently root also. But I've been there, learnt the lesson. I'd welcome any comments about the possible (if any) benefits, and indications that it is not the security breach that it suggests. I know that Mageia, too, has the sudo command, and I have, at times, pondered about disabling it. In the same sense, I'm not too happy about system updates only requiring a user password to authorise updates. No flames, please. This is, to me, a genuine concern.
rodgoslin
 
Posts: 492
Joined: Nov 19th, '11, 01:31

Re: sudo or not sudo (that is the question)

Postby xboxboy » Dec 16th, '15, 23:46

I agree with most of your points. SUDO is just crazy. As for a normal user being able to apply updates, I'm pretty sure you can disable that. For myself on my own systems, allowing regular users to update is convenient, rather than tying up IT & admin (what admin??? lol) time/resources or handing out root passwords. Mageia is stable enough that updates rarely cause issues and need to be held off. I guess in a corporate environment where starting/stopping services may be different, but at that stage you should have a good IT department.

With regards to your Pi, I'd add a regular user and change to that. It's all too easy to hose a system when root (or with sudo). I also make it a habit, that first thing I install is colorprompt, so when I'm root, the prompt is red: If I mess up as root, then there's no helping me.

Colorprompt isn't available across all distros but it's easy to find a script that will achieve the same result (had to do it for fedora for my pi).
xboxboy
 
Posts: 391
Joined: Jun 2nd, '13, 06:41

Re: sudo or not sudo (that is the question)

Postby doktor5000 » Dec 17th, '15, 00:21

I'm curious, what method would you use for unprivileged users to be able to run commands that require root permissions, without handing out your root password and ensuring adequate logging, and being able to define centrally which commands which users are able to run on which machine?

I also disagree with that blanket statement "sudo is just crazy".
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
doktor5000
 
Posts: 17659
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: sudo or not sudo (that is the question)

Postby rodgoslin » Dec 17th, '15, 01:44

Xbox boy: I agree with you, establishing a user (on the Pi) would be a good idea. I might try that. But I don't intend to use it for any other purpose than as the mail server (if I ever sort it out to a conclusion). In the meantime, the default user will do.
Doktor5000: I too regard sudo as 'crazy'. The user should not have access to any commands requiring root access. If such is required, the joint efforts of user and admin should be used. The inadvertent disclosure of root's password is quickly corrected by a password change, but to put sudo in the hands of a user is to throw away all keys to control the system. In my admin days, I had enough trouble persuading the users from filling the disks with junk, and finding novel ways to screw up the system.
rodgoslin
 
Posts: 492
Joined: Nov 19th, '11, 01:31

Re: sudo or not sudo (that is the question)

Postby Ken-Bergen » Dec 17th, '15, 02:44

In Mageia the default is that regular users don't have sudo privileges.
This can be changed on a per user basis and can only be done by root.
Ken
Ken-Bergen
 
Posts: 1019
Joined: Mar 30th, '11, 02:45
Location: Chilliwack, BC, Canada

Re: sudo or not sudo (that is the question)

Postby doktor5000 » Dec 17th, '15, 02:55

@rodgoslin & xboxboy: I think you both miss the point. sudo can be configured to let particular users run particular commands. For a lot of scenarios, there's no real replacement for that.
But sure, if you think of sudo as a way to lose all keys of control over a system to a user, probably just means you never learned to configure sudo.

If you think sudo is crazy, I wonder what you think about polkit.

What I agree with both of you, is that the kind of sudo setup that is used on *ubuntu is a pretty weird concept, which I also don't like.
But sudo is still useful.
doktor5000
 
Posts: 17659
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany
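
The kind of scoped setup the post above describes (particular users, particular commands, particular machines, with logging), shown beside the blanket grant it is contrasted with. This is an added example, not part of the original thread; the user `mailop`, the host `pi-mail`, the postfix service and the file paths are assumptions made for illustration.

```sudoers
# Added example. Constructed names: user "mailop", host "pi-mail", postfix unit.
# Assumes /etc/sudoers includes /etc/sudoers.d and systemctl lives in /usr/bin.
# File: /etc/sudoers.d/mail-admin
#   edit with:  visudo -f /etc/sudoers.d/mail-admin
#   check with: visudo -c -f /etc/sudoers.d/mail-admin

# --- Blanket grant (the style objected to in the thread) -----------------
# Every member of group "sudo" may run any command, as any user, on any host:
#   %sudo   ALL=(ALL:ALL) ALL

# --- Scoped grant --------------------------------------------------------
User_Alias  MAILOPS   = mailop
Host_Alias  MAILHOSTS = pi-mail

# Arguments are part of the rule: only these exact command lines match.
# No shells, editors or pagers are listed, since any of those run as root
# would hand back an unrestricted root shell.
Cmnd_Alias  MAILSVC   = /usr/bin/systemctl restart postfix, \
                        /usr/bin/systemctl reload postfix

# Write sudo events to a dedicated file as well as syslog.
Defaults    logfile=/var/log/sudo.log

# who      where     = (run as)  what
MAILOPS    MAILHOSTS = (root)    MAILSVC
```

With this rule `mailop` authenticates with their own password, so the root password is never shared, and `sudo -l` run as `mailop` lists exactly the two permitted commands.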

Re: sudo or not sudo (that is the question)

Postby rodgoslin » Dec 17th, '15, 03:53

Ah, yes. Mageia does seem to have a more practical view of sudo. I've just given it a try. I created a directory, descended into it, su'd to root and created a text file (touch test.txt), exited from root and used sudo to delete it. I was rather amused by the stern injunctions from the system. Particularly the one that said "With Great Power Comes Great Responsibility". Unfortunately, as with our Government (UK), Great responsibility and Power does not confer Great Wisdom, or Ability. I think I'll leave sudo alone. It seems to be more effort than it's worth.
rodgoslin
 
Posts: 492
Joined: Nov 19th, '11, 01:31

Re: sudo or not sudo (that is the question)

Postby xboxboy » Dec 17th, '15, 04:05

@Doktor

Yes, sudo does have its place. I guess my dislike of it is from the *buntu world, where every 'how to' is sudo this, sudo that, then you check the forums and guys are trying stuff "that didn't work so I tried sudo XXXX and it worked".

In the hands of the masses, sudo just makes a nice clean system scrappy. I can see where sudo is a GREAT idea, but for most home users, sudo really isn't needed IMHO.

If we all agreed 100% on everything we'd still be using punch cards :/
xboxboy
 
Posts: 391
Joined: Jun 2nd, '13, 06:41

Re: sudo or not sudo (that is the question)

Postby rodgoslin » Dec 17th, '15, 04:49

Hey! Don't knock punched cards. As part of my 'empire', before I retired, I had a machine which produced Hollerith microfilm punched cards from CAD files. The 'silvers' of which were good for 50 years, in good conditions. Unlike the tapes from the main IT dept. which were unreadable, the day after the last backup, since the first thing they did was to scrap the tape machines, when they went from a Primos super mini to Solaris.
rodgoslin
 
Posts: 492
Joined: Nov 19th, '11, 01:31

