ubuntu & sudo

der.hans PLUGd at LuftHans.com
Wed Sep 28 02:01:57 MST 2005


On 27 Sep 2005, Mark Jarvis chatted thus:

> After seeing the many comments about ubuntu and having some free space
> on one of my drives I decided to install ubuntu and have a look. I used
> pre-existing swap & /home partitions. Having heard that ubuntu didn't
> like root login or su -, I found and read some comments about ubuntu &
> sudo on the ubuntu site. (I don't agree with their philosophy, but can
> see why they did things that way and can live with it.)

I think a sudo interface is a great way of giving people who don't
understand account separation the advantages of having separate accounts
in a mostly transparent manner.

If you look at the GUI under the system tab it'll pop up programs that
need root privileges via an xsudo interface. Much, much better than how
Lindows does it by just having everyone log in as root! What a horrible
idea to copy from m$.

It's not perfect protection as a compromised account could get its passwd
sniffed which could then be used with 'sudo su'. I think it's a mostly
acceptable compromise, though. In fact, it's what I've recommended for
years :).

I would like to see packages add specifics to /etc/sudoers in order to
limit potential damage if an account is compromised. In other words,
I want 'sudo su' to work on my box, but my grandma doesn't need that
and really only needs a few things like maybe the xsudo interface to
aptitude. Heck, even there she'd only need access to a few things as I
don't want her (or someone who's broken in) to be able to change the
package sources.

I hope the finer control of sudo will come as system development
continues.

Consider also combining the command option for ssh and sudo as a great way
to get limited escalated privs on a remote box.

ciao,

der.hans
-- 
#  https://www.LuftHans.com/
#  "The purpose of IT is to seamlessly and transparently provide the other
#  9/10's of the iceberg for people who need to work with chunks
#  of floating ice." -- Strata Rose Chalup
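
Added example, not part of der.hans's message: one way to combine the ssh `command=` option with a narrow sudoers entry, so that a single key can trigger only two fixed root commands on the remote box. The script name `ssh-gate`, the user `pkgcheck`, the request keywords and the choice of `apt-get` commands are all assumptions made for illustration.

```shell
#!/bin/sh
# ssh-gate (hypothetical name): forced command for one SSH key.
#
# ~/.ssh/authorized_keys entry for that key (constructed; key elided):
#   restrict,command="/usr/local/bin/ssh-gate" ssh-ed25519 <public-key> pkg-check
#
# /etc/sudoers.d/ssh-gate, edited with visudo -f (user "pkgcheck" is assumed).
# Arguments are listed, so sudo accepts only these exact command lines:
#   pkgcheck ALL=(root) NOPASSWD: /usr/bin/apt-get update
#   pkgcheck ALL=(root) NOPASSWD: /usr/bin/apt-get -s upgrade

SUDO=${SUDO:-sudo -n}   # -n: fail instead of prompting for a password

# Map a request keyword to one fixed command line; anything else is refused.
map_request() {
    case "$1" in
        refresh) echo "/usr/bin/apt-get update" ;;
        pending) echo "/usr/bin/apt-get -s upgrade" ;;
        *)       return 1 ;;
    esac
}

# Run the mapped command through sudo. The client's text is only compared
# against the keywords above; it is never handed to a shell or to sudo.
gate() {
    if cmd=$(map_request "$1"); then
        $SUDO $cmd      # unquoted on purpose: fixed strings, split into argv
    else
        echo "ssh-gate: request refused" >&2
        return 1
    fi
}

# sshd places whatever the client asked to run in SSH_ORIGINAL_COMMAND.
# Only act when installed and invoked under the name ssh-gate.
case "${0##*/}" in
    ssh-gate) gate "${SSH_ORIGINAL_COMMAND-}" ;;
esac
```

With this in place, `ssh pkgcheck@host pending` runs the simulated upgrade as root, while any other request, including an interactive login with that key, is refused.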

