[Nottingham] root/sudo

[Martin]

On 03/05/12 18:23, Paul Sladen wrote:
> On Tue, 1 May 2012, david at gbenet.com wrote:
>> You wonder what kind of an person scrapped root?
> 
> Ubuntu includes a man page (information page) about the topic:
> 
>   man sudo_root
> 
> When an Ubuntu user opens a terminal he following is printed:
> 
>   To run a command as administrator (user "root"), use "sudo <command>".
>   See "man sudo_root" for details.
> 
>   user at machine:~$ _
> 
> (This message will continue to be shown until that user has activated
> 'sudo' at least once.  Do 'rm ~/.sudo_as_admin_successful' to reset)
> 
> Most modern operating systems are designed with security in this way
> (Mac OS X, Ubuntu, recent MS Windows).  The user is identifying
> themselves, instead of entering a shared secret.
> 
> For new users this is natural.  For adminstrators of huge-scale
> systems this is natural (you /really/ don't want a shared passwd
[---]

Good comment and a good comment for the deeper issue that users expect
'security' (like locks on doors and windows) yet some users (most?) find
passwords to be an almost impossible irritation and just plain difficult.

I consider "sudo" to be a good idea, but then for some sys-admin work, I
find it to be far more convenient to just simply stay logged in as root.
At least for my case, any terminals I leave open with root are
physically secure. Certainly not something to be done in an open office!


> [*] With a shared secret fingerprints, everyone would have to pass
> around the boss' severed thumb to authenicate!

Or worse... As shown on the Da Vinci Code film... Ouch! :-(


So is there any better way?

Cheers,
Martin


-- 
- ------------------ - ----------------------------------------
-    Martin Lomas    - OpenPGP (GPG/PGP) Public Key: 0xCEE1D3B7
- martin @ ml1 co uk - Import from   hkp://subkeys.pgp.net   or
- ------------------ - http:// ml1 .co .uk/martin_ml1_co_uk.gpg