[102071] in RedHat Linux List
Re: 'root'' login vs. 'standard user' login
daemon@ATHENA.MIT.EDU (M. Woo)
Tue Dec 1 09:27:24 1998
From: "M. Woo" <m-woo@shout.net>
To: "redhat-list@redhat.com" <redhat-list@redhat.com>
Date: Tue, 01 Dec 1998 08:29:51 -0600
Reply-To: "M. Woo" <m-woo@shout.net>
Resent-From: redhat-list@redhat.com
On Mon, 30 Nov 1998 15:33:23 -0800, Deryk Barker wrote:
>I didn't tell you you can't (or, indeed, that you may not) simply that
>it is a very bad idea.
>
>It also has nothing to do with knowing what you're doing or not - a
>moment's carelessness or forgetfulness can be enough to wipe out your
>entire system.
One of my colleagues blew away the entire tree below root once this
way with the improper use of "rm -r" :-).
I'm surprised that no one has mentioned sudo as a possible
alternative to su, particularly during the period of setting up a new
machine when root access is often required. Normally sudo allows the
system admin to give limited root access to system users for certain
commands, but it can also be configured to allow quick and dirty root
access for the sysadmin when needed.
I simply have to preface any command with "sudo" (no quotes -
pronounced "soo-doo") and it acts as if I am logged in as root for
that single command. The trick is not to get into the habit of
prefacing all of your commands with the word "sudo." :) Since most
command shells allow you to use the previous command in the history
as an argument, this isn't a problem (i.e, in tcsh "sudo !!" will run
the previous command with sudo in front of it). Therefore, I'll type
in a command, find that I don't have privileges to do it, swear at my
stupidity, then invoke "sudo !!" - no problems so far.
My laptop is a Borg at the moment, as the office is a Borg ship, but
the sudoers file on my Solaris box looks something like this (the
Penguin isn't set up for groups, but you'll get the idea):
# a snippet of the sudoers file
#
# User alias specification
User_Alias GODS=me,notme
# User privilege specification
root ALL=(ALL) ALL
GODS ALL=(ALL) NOPASSWD:ALL
# end of sudoers snippet
This specifies a group called GODS which includes two users called
"me" and "notme" then gives root (obviously) exec privileges and
whatnot to everything, and also give all users in the GODS group the
same privileges with NOPASSWD which allows the use of sudo without
having to invoke a password each time.
Unfortunately, I don't have a URL to cough out for the location of
the source for sudo, but it's popular and should be easy to find.
--
M. Woo
m-woo@uiuc.edu
The next version of NT... the upcoming W2K Pro(blem)!
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com http://archive.redhat.com
To unsubscribe: mail redhat-list-request@redhat.com with
"unsubscribe" as the Subject.
