The value of Sudo

Please compose all posts in Emacs.

Moderators: phlip, Moderators General, Prelates

User avatar
niko7865
Posts: 536
Joined: Sun Jan 21, 2007 11:47 am UTC
Location: All over washington state, USA
Contact:

The value of Sudo

Postby niko7865 » Thu Apr 03, 2008 7:54 am UTC

How does Ubuntu abuse sudo? Yes, the default gnome setting is ugly, almost as bad as KDE. Which crappy software do they package? They seem to update packages for security fixes and major bug fixes fairly actively, what other bugs are they missing in order to make the 6 month release cycle?

Split from the thread on desktop environments. This thread of discussion started a long time ago, as you can tell, and has recently been revived. Rather than split off just the new posts or leave them in the other thread, I followed it back to the approximate genesis of the discussion about sudo.

Edit again: oops, the title isn't what I thought I set it to.
21/m/athletic/white&nerdy/washington/straight/???
Image

User avatar
d3adf001
Posts: 1000
Joined: Thu Mar 29, 2007 4:27 pm UTC
Location: State College, PA
Contact:

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby d3adf001 » Thu Apr 03, 2008 1:49 pm UTC

niko7865 wrote:How does Ubuntu abuse sudo? Yes, the default gnome setting is ugly, almost as bad as KDE. Which crappy software do they package? They seem to update packages for security fixes and major bug fixes fairly actively, what other bugs are they missing in order to make the 6 month release cycle?


idk since i dont use ubuntu but ive head a few people in my lug complain that kubuntu's updates reopen a bug that was fixed a while ago. and on the sudo note are you freaking kidding me? allowing EVERY command to be sudoed? that is just flat out moronic. sudo is supposed to let a few non root users have access toa select root commands, not be an annoying and silly replacement for su. http://www.enterprisenetworkingplanet.c ... hp/3641911

User avatar
Bruce
Posts: 447
Joined: Tue Feb 12, 2008 11:44 am UTC
Location: Melbourne

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby Bruce » Thu Apr 03, 2008 2:01 pm UTC

d3adf001 wrote:
niko7865 wrote:How does Ubuntu abuse sudo? Yes, the default gnome setting is ugly, almost as bad as KDE. Which crappy software do they package? They seem to update packages for security fixes and major bug fixes fairly actively, what other bugs are they missing in order to make the 6 month release cycle?


idk since i dont use ubuntu but ive head a few people in my lug complain that kubuntu's updates reopen a bug that was fixed a while ago. and on the sudo note are you freaking kidding me? allowing EVERY command to be sudoed? that is just flat out moronic. sudo is supposed to let a few non root users have access toa select root commands, not be an annoying and silly replacement for su. http://www.enterprisenetworkingplanet.c ... hp/3641911

You come across as echoing flame you have heard from others without understanding the merits or flaws in the arguments. Perhaps you should think on this.

PS: The point of sudo is to stop basic users logging in as root, not replace standard unprivileged accounts.
COMFORT, n.
A state of mind produced by contemplation of a neighbor's uneasiness.

User avatar
d3adf001
Posts: 1000
Joined: Thu Mar 29, 2007 4:27 pm UTC
Location: State College, PA
Contact:

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby d3adf001 » Thu Apr 03, 2008 5:25 pm UTC

damn straight its a flame. and im going to keep it up until i see the destruction of ubuntu or ubuntu stops playing political games and this sudo crap. and they are essentially logging in as root. all they have to do is type in THEIR password then they have root.

zenten
Posts: 3799
Joined: Fri Jun 22, 2007 7:42 am UTC
Location: Ottawa, Canada

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby zenten » Fri Apr 04, 2008 3:04 am UTC

d3adf001 wrote:damn straight its a flame. and im going to keep it up until i see the destruction of ubuntu or ubuntu stops playing political games and this sudo crap. and they are essentially logging in as root. all they have to do is type in THEIR password then they have root.


First off, Ubuntu is designed for a single user environment. It is also designed for people who don't know much about system administration. For that type of user the sudo model it adopts is ideal.

If you're really worried about security, and have enough knowledge to actually deal with security, you create another account, which is only used for system administration tasks that require root, and you make sure to only log in from a hard boot at the command line locally. You then set your sudoers file to only accept logins from this account (because sudo logs things that just loggin in as root will not). This is very easy to set up in Ubuntu (or any other flavour of Linux/Unix I've seen). Since this is not something that most users would bother doing it would just scare off the majority of users from using the distro, and most of the rest would just cercomvent it to look more like the current model Ubuntu uses.

User avatar
d3adf001
Posts: 1000
Joined: Thu Mar 29, 2007 4:27 pm UTC
Location: State College, PA
Contact:

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby d3adf001 » Fri Apr 04, 2008 1:35 pm UTC

you mean the logs that you can easily remove once you get root? but i guess with 1 user it really doesnt matter. its just imo in this case sudo would be fine but really freaking annoying.

zenten
Posts: 3799
Joined: Fri Jun 22, 2007 7:42 am UTC
Location: Ottawa, Canada

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby zenten » Fri Apr 04, 2008 6:58 pm UTC

d3adf001 wrote:you mean the logs that you can easily remove once you get root? but i guess with 1 user it really doesnt matter. its just imo in this case sudo would be fine but really freaking annoying.


The logs are more in line with "what stupid thing did I just do anyway?" or possibly something to detect scripts (which would also require changing the default locations of the logs).

But yeah, simple solution if you don't like that setup: "sudo su". Then just set a root password.

Noughmad
Posts: 41
Joined: Wed Jan 09, 2008 8:38 pm UTC
Contact:

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby Noughmad » Sat Apr 05, 2008 7:53 pm UTC

zenten wrote:
d3adf001 wrote:you mean the logs that you can easily remove once you get root? but i guess with 1 user it really doesnt matter. its just imo in this case sudo would be fine but really freaking annoying.


The logs are more in line with "what stupid thing did I just do anyway?" or possibly something to detect scripts (which would also require changing the default locations of the logs).

But yeah, simple solution if you don't like that setup: "sudo su". Then just set a root password.
But that way you still can't log into X as root, even though you can in a console.
Laziness is the mother of wisdom.
My woblag

coppro
Posts: 117
Joined: Mon Feb 04, 2008 6:04 am UTC

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby coppro » Sat Apr 05, 2008 8:03 pm UTC

Actually, Ubuntu makes just about the same assumption other systems make WRT sudo - that the person installing the OS should be able to do anything (this is a fair assumption, as the act of installing the OS usually is only done by the same person configuring it, installing software, etc.). The first user account is in the admin group. Other users (i.e. those created later) are not. Only users in the admin group may sudo by default (and root, of course). And requiring you to type in your password every time you need to do something is perfectly normal.

The fact is that every single computer needs someone with admin priveleges at some point, and it's safer and easier to require a password every time you want them (Vista does this too). This is what sudo is meant to do.

zenten
Posts: 3799
Joined: Fri Jun 22, 2007 7:42 am UTC
Location: Ottawa, Canada

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby zenten » Sat Apr 05, 2008 9:40 pm UTC

Noughmad wrote:
zenten wrote:
d3adf001 wrote:you mean the logs that you can easily remove once you get root? but i guess with 1 user it really doesnt matter. its just imo in this case sudo would be fine but really freaking annoying.


The logs are more in line with "what stupid thing did I just do anyway?" or possibly something to detect scripts (which would also require changing the default locations of the logs).

But yeah, simple solution if you don't like that setup: "sudo su". Then just set a root password.
But that way you still can't log into X as root, even though you can in a console.


Right.

And your point? We're talking about a secure environment, not about idiots who don't know how to use their Linux box (or just don't care. I'm running Ubuntu on my desktop with sudo as is because I don't care.)

Noughmad
Posts: 41
Joined: Wed Jan 09, 2008 8:38 pm UTC
Contact:

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby Noughmad » Sun Apr 06, 2008 8:56 am UTC

I don't really have a point. I like sudo, I'd really hate to log out and back in to use apt-get.

But when you talk about a secure environment, do you mean secure as in "my computer prevents me from rm -rf /", "other user can't rm -rf /" or "it's harder to hack"?

If you mean the first option, there's always Windows. For the second one, a separate root account is more convenient, but sudo gives you more options via the sudoers file. If you mean the third one, tell your users to have a hard-to-guess password and enable passwordless logins.
Laziness is the mother of wisdom.
My woblag

zenten
Posts: 3799
Joined: Fri Jun 22, 2007 7:42 am UTC
Location: Ottawa, Canada

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby zenten » Sun Apr 06, 2008 1:19 pm UTC

Noughmad wrote:I don't really have a point. I like sudo, I'd really hate to log out and back in to use apt-get.

But when you talk about a secure environment, do you mean secure as in "my computer prevents me from rm -rf /", "other user can't rm -rf /" or "it's harder to hack"?

If you mean the first option, there's always Windows. For the second one, a separate root account is more convenient, but sudo gives you more options via the sudoers file. If you mean the third one, tell your users to have a hard-to-guess password and enable passwordless logins.


I mean "harder to hack, even if you some how installed a virus."

User avatar
d3adf001
Posts: 1000
Joined: Thu Mar 29, 2007 4:27 pm UTC
Location: State College, PA
Contact:

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby d3adf001 » Tue Apr 08, 2008 1:48 am UTC

coppro wrote:The fact is that every single computer needs someone with admin priveleges at some point, and it's safer and easier to require a password every time you want them (Vista does this too). This is what sudo is meant to do.


http://www.sudo.ws/sudo/readme.html wrote:This is Sudo version 1.6.9

The sudo philosophy
===================
Sudo is a program designed to allow a sysadmin to give limited root privileges
to users and log root activity. The basic philosophy is to give as few
privileges as possible but still allow people to get their work done.


oh shit i guess the maintainers were wrong about what it was meant to do

zenten wrote:I mean "harder to hack, even if you some how installed a virus."


lol que? seriously how is sudo a security measure? it doesnt make guessing the password harder. on top of that its not going to stop a remote attack or a local root exploit. and if i sudoed in id just clean the logs. what a security tool.

zenten
Posts: 3799
Joined: Fri Jun 22, 2007 7:42 am UTC
Location: Ottawa, Canada

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby zenten » Tue Apr 08, 2008 1:52 am UTC

d3adf001 wrote:
coppro wrote:The fact is that every single computer needs someone with admin priveleges at some point, and it's safer and easier to require a password every time you want them (Vista does this too). This is what sudo is meant to do.


http://www.sudo.ws/sudo/readme.html wrote:This is Sudo version 1.6.9

The sudo philosophy
===================
Sudo is a program designed to allow a sysadmin to give limited root privileges
to users and log root activity. The basic philosophy is to give as few
privileges as possible but still allow people to get their work done.


oh shit i guess the maintainers were wrong about what it was meant to do


You're right, coppro misunderstood what it's for.

That doesn't mean that the use Ubuntu gives for it isn't appropriate on a single user system.

User avatar
d3adf001
Posts: 1000
Joined: Thu Mar 29, 2007 4:27 pm UTC
Location: State College, PA
Contact:

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby d3adf001 » Tue Apr 08, 2008 2:04 am UTC

this is stupid as hell. you guys are clearly tools and cant realize that sudo isnt protection, safer or better log or anything. its just another motion you have to go through. it would be like having to do something like "/usr/bin/./vim /long/dir/to/file" to make sure they dont edit the wrong file
Back off the personal attacks, please. - Hammer

EvanED
Posts: 4331
Joined: Mon Aug 07, 2006 6:28 am UTC
Location: Madison, WI
Contact:

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby EvanED » Tue Apr 08, 2008 2:10 am UTC

d3adf001 wrote:this is stupid as hell. you guys are clearly tools and cant realize that sudo isnt protection, safer or better log or anything.

What? It's better protection against staying logged in as root.

Maybe it isn't much better than using 'su' instead, but it's far better than logging in as root to begin with.

zenten
Posts: 3799
Joined: Fri Jun 22, 2007 7:42 am UTC
Location: Ottawa, Canada

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby zenten » Tue Apr 08, 2008 2:19 am UTC

d3adf001 wrote:this is stupid as hell. you guys are clearly tools and cant realize that sudo isnt protection, safer or better log or anything. its just another motion you have to go through. it would be like having to do something like "/usr/bin/./vim /long/dir/to/file" to make sure they dont edit the wrong file


I find it handy, as I can just type in "wajig bla bla" instead of using su first and then typing it in.

User avatar
Simon
Posts: 14
Joined: Sat Apr 14, 2007 4:12 pm UTC

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby Simon » Sun May 11, 2008 3:03 am UTC

d3adf001 wrote:sudo isnt protection, safer or better log or anything. its just another motion you have to go through.

Yes, but it (and least privilege in general) is a useful motion to have to go through, even on single user systems.

For instance, imagine you're trying to delete a few hidden folders in bash, and run "rm -r .*". (Hidden files and folders in *nix start with a dot, for those who don't know).

Now, if you just run as root all the the time, the above code will erase your entire filesystem. But if you run as a normal user and use sudo to elevate for administrator tasks when needed, since you wouldn't have run the above code with sudo, the damage would be limited to your home directory.

So, since all that's likely to be in your home directory is all your (not backed up) documents, data, and generally your life's work -- which should all be reconstructable in a mere few decades -- this is not so bad. Wheras if you ran it as root and destroyed the whole filesystem you would have to reinstall the operating system on top of that -- which might take up to half an hour!

Now, half an hour might not sound like a lot; but if you've just spent twenty years reconstructing your life's work, let me assure you, half an hour can seem like a very long time.

And that's why you shouldn't run as root.

...
I don't like numbers which can't be written as fractions. It's an irrational fear.

zenten
Posts: 3799
Joined: Fri Jun 22, 2007 7:42 am UTC
Location: Ottawa, Canada

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby zenten » Sun May 11, 2008 9:20 pm UTC

Simon wrote:
d3adf001 wrote:sudo isnt protection, safer or better log or anything. its just another motion you have to go through.

Yes, but it (and least privilege in general) is a useful motion to have to go through, even on single user systems.

For instance, imagine you're trying to delete a few hidden folders in bash, and run "rm -r .*". (Hidden files and folders in *nix start with a dot, for those who don't know).

Now, if you just run as root all the the time, the above code will erase your entire filesystem. But if you run as a normal user and use sudo to elevate for administrator tasks when needed, since you wouldn't have run the above code with sudo, the damage would be limited to your home directory.

So, since all that's likely to be in your home directory is all your (not backed up) documents, data, and generally your life's work -- which should all be reconstructable in a mere few decades -- this is not so bad. Wheras if you ran it as root and destroyed the whole filesystem you would have to reinstall the operating system on top of that -- which might take up to half an hour!

Now, half an hour might not sound like a lot; but if you've just spent twenty years reconstructing your life's work, let me assure you, half an hour can seem like a very long time.

And that's why you shouldn't run as root.

...


That's why you shouldn't run as a user that has anything that you care about ;)

User avatar
enk
Posts: 754
Joined: Mon Sep 10, 2007 12:20 am UTC
Location: Aalborg, Denmark
Contact:

The value of Sudo

Postby enk » Sun May 11, 2008 10:24 pm UTC

zenten wrote:
Simon wrote:...

And that's why you shouldn't run as root.


That's why you shouldn't run as a user that has anything that you care about ;)


Or, it's why you do backups.



Simon wrote:rm -r .*


I fucked up once using .* without realizing .. is included in it. It was in another user's homedir and I guess I should have been su'ing rather than just sudo'ing. The command took more than a few seconds to complete and I realized something was awry. When I terminated it, it had only been through, like, 15 users' homedirs.

Spoiler:
Lucky for me, it was just chown :P
phlip wrote:Ha HA! Recycled emacs jokes.

EvanED
Posts: 4331
Joined: Mon Aug 07, 2006 6:28 am UTC
Location: Madison, WI
Contact:

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby EvanED » Sun May 11, 2008 10:38 pm UTC

I had that happen with tar. I wanted to tar up a directory including the dot files. I find it really stupid that shells glob .. in there. I bet that 99% of the time it's doing either the outright wrong thing or something that doesn't matter (eg ls -l .* or something where the user just skims over it).

User avatar
enk
Posts: 754
Joined: Mon Sep 10, 2007 12:20 am UTC
Location: Aalborg, Denmark
Contact:

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby enk » Sun May 11, 2008 11:39 pm UTC

EvanED wrote:I had that happen with tar. I wanted to tar up a directory including the dot files. I find it really stupid that shells glob .. in there. I bet that 99% of the time it's doing either the outright wrong thing or something that doesn't matter (eg ls -l .* or something where the user just skims over it).


I can think of these two ways around it:

Code: Select all

find . -maxdepth 1 -type f -name .\*

ls -dF .* | grep -v /

piped to xargs or used in backticks.

Is there a neater way?


Btw I hope verging off topic a little is ok, as I'm not the only one doing it :wink:
phlip wrote:Ha HA! Recycled emacs jokes.

EvanED
Posts: 4331
Joined: Mon Aug 07, 2006 6:28 am UTC
Location: Madison, WI
Contact:

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby EvanED » Sun May 11, 2008 11:59 pm UTC

enk wrote:
EvanED wrote:I had that happen with tar. I wanted to tar up a directory including the dot files. I find it really stupid that shells glob .. in there. I bet that 99% of the time it's doing either the outright wrong thing or something that doesn't matter (eg ls -l .* or something where the user just skims over it).


I can think of these two ways around it:

Code: Select all

find . -maxdepth 1 -type f -name .\*

ls -dF .* | grep -v /

piped to xargs or used in backticks.

Is there a neater way?

Neither of which I think I should have to do. Anyway, one neater way is the way I think I ended up doing it: "tar --exclude .. cvf ../file.tar * .*". In retrospect, the neater way I should have thought of without doing a lot of Googling was to go up a directory and give the directory name.

Btw I hope verging off topic a little is ok, as I'm not the only one doing it :wink:

Hmmm, good point. Thread split is probably imminent... I have to meet people for dinner now though, so it'll have to wait.

User avatar
Berengal
Superabacus Mystic of the First Rank
Posts: 2707
Joined: Thu May 24, 2007 5:51 am UTC
Location: Bergen, Norway
Contact:

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby Berengal » Mon May 12, 2008 5:43 am UTC

Why sudo is bad:
"sudo X-Fi-Drivers/install"
*computer freezes, wait 15 minutes*
*reboot, kernel segfaults*

Why root is bad:
*boot in recovery*
"cp /usr/src/linux-kernel-newly-compiled /boot/vmlinuz-new-kernel"
"nano /boot/grub/menu.lst"
*reboot*
"Loading grub...
Error 15"

*starts looking for live-cds*
It is practically impossible to teach good programming to students who are motivated by money: As potential programmers they are mentally mutilated beyond hope of regeneration.

Xbehave
Posts: 54
Joined: Wed Jan 09, 2008 4:45 am UTC

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby Xbehave » Mon May 12, 2008 6:58 am UTC

Wait i dont get how sudo is bad at all:
its the standard security model among desktops OSs
Its usable enough that people dont switch it off.
It keeps almost all your processes running as non-root (meaning that an firefox exploit cant compromise your system)
(Xp showed having a seperate root account simply doesnt work)

that is just flat out morondic. sudo is supposed to let a few non root users have access toa select root commands, not be an annoying and silly replacement for su.

Sudo is a tool, suggesting there is only one way to use a tool is just flat out moronic, do you go round and complain when sombody "abuses a hammer" by using it for smashing stuff up.?

Which crappy software do they package?

More importantly why is it a complaint, the aim of a distro is to make software available to you, they cant code the entire OS so the quality of the packages is beyond their control. packaging all software is a feature, no a problem (the only reason they dont package more crappy software is that there's a point where its just not worth it

Sure this sounds like a fanboy post, but if you look at my other posts on ubuntu youll see im clearly not a fan, let alone a fan boy, i just REALLY hate completely unfounded complaints
idk since i dont use ubuntu
GENERATION 20: The first time you see this, copy it into your sig on any forum and add 1 to the generation. Social experiment.

User avatar
Simon
Posts: 14
Joined: Sat Apr 14, 2007 4:12 pm UTC

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby Simon » Mon May 12, 2008 11:30 am UTC

EvanED wrote:
enk wrote:I can think of these two ways around it:

Code: Select all

find . -maxdepth 1 -type f -name .\*
ls -dF .* | grep -v /

piped to xargs or used in backticks.
Is there a neater way?

Neither of which I think I should have to do.

Hear, hear!

Maybe because I'm a relative *nix newbie -- I haven'y been using Linux for that long relative to a lot of people here -- but the *nix shell seems to me to be rather stuck in the 1970s.

I can understand that back then, it made sense to have the shell just handle everything as a textstream. It was a simple, fast, efficient way of doing things.

But in this day and age of n GHz processors and m GB of RAM, surely it no longer makes sense to have a shell that can be trivially tricked into treating a filename like "-rf *" as a command line argument after a wildcard expansion. Surely it no longer makes sense to have a shell that treats "mv *.jpg *.jpeg" by overwriting the second .jpg with the first. Surely it no longer makes sense to handle everything as a contextless stream of bytes to be mindlessly spat out by one process and interpreted by the next.

Where's my modern, object oriented *nix shell?

It's not like the technology isn't already here. Something based on the Python or Ruby interactive shells would be ideal; handling, instead of text, the well-defined object types that are built into the language. So if you're trying to pass a matrix of information, for example, instead of using whitespace -- tabs and linebreak -- as structure, you'd pass an array object. Instead of piping objects to a thousand and one different text utilities to maniplulate them, you'd use the language's built in object methods.

I mean, there's nothing you can do in bash that you can't do in python with the right modules -- os, shutil, glob, that sort of thing. Only due to its verbosity, it's a bit inconvenient to use it as a normal shell at the moment: shutil.copy as opposed to cp, for example, and you have to explicitely use glob.glob if you want wildcard expansion. But surely that's all solvable with a good set of function wrappers (that can incorporate all the usual arguments).

There's pyshell; but that's not really what I'm thinking of -- it's a normal, text-based *nix shell, like any other, which still uses the usual textstream-based coreutils; only with a python syntax. A proper object-oriented shell would have to dump coreutils and either make a new set which work with the language objects rather than a textstream, or just make everything a built-in function in the shell. In an object oriented shell, a lot of the coreutils would just be redundant anyway, since they'd be better implemented as methods of various types of objects.

I realise that considering the enormous inertia of traditional unix , nothing like this is going to replace bash any time soon. But it would be nice, no? Or am I just being silly?
I don't like numbers which can't be written as fractions. It's an irrational fear.

User avatar
d3adf001
Posts: 1000
Joined: Thu Mar 29, 2007 4:27 pm UTC
Location: State College, PA
Contact:

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby d3adf001 » Mon May 12, 2008 11:54 pm UTC

ok you find a file faster than slocate in a gui. get back to me when you do

Xbehave
Posts: 54
Joined: Wed Jan 09, 2008 4:45 am UTC

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby Xbehave » Tue May 13, 2008 11:08 am UTC

just did, i did ctrl+f in konqueror and slocate in konsole and konqueror found the file i was looking for while slocate spewed out a whole list of files in hiden directories too, meaning i saw the result in konqueror 1st
GENERATION 20: The first time you see this, copy it into your sig on any forum and add 1 to the generation. Social experiment.

User avatar
ash.gti
Posts: 404
Joined: Thu Feb 07, 2008 1:18 am UTC
Location: Probably a coffee shop.

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby ash.gti » Tue May 13, 2008 8:02 pm UTC

d3adf001 wrote:ok you find a file faster than slocate in a gui. get back to me when you do



This reminds me of the last time I ssh'ed into a solaris 10 machine.... I was so lost without slocate (or locate) I couldn't find it on the server... I almost cried. Its rough without it when your on a foreign machine that you haven't ever managed or touched before.
# drinks WAY to much espresso

User avatar
d3adf001
Posts: 1000
Joined: Thu Mar 29, 2007 4:27 pm UTC
Location: State College, PA
Contact:

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby d3adf001 » Tue May 13, 2008 8:31 pm UTC

Xbehave wrote:just did, i did ctrl+f in konqueror and slocate in konsole and konqueror found the file i was looking for while slocate spewed out a whole list of files in hiden directories too, meaning i saw the result in konqueror 1st


doubtful and even if its true then you have click back 2 times then go at least 3 dirs deep then click on it to open it then the editor has to load. vs slocate then vim <middle click>

EvanED
Posts: 4331
Joined: Mon Aug 07, 2006 6:28 am UTC
Location: Madison, WI
Contact:

Re: The value of Sudo

Postby EvanED » Wed May 14, 2008 2:36 am UTC

Okay, I screwed up before... the title should have been set to "the value of sudo" when I split the thread.

Anyway, we're now off topic from *there*, so if you want to continue talking about GUI vs. CLI, I suggest making a new thread.

User avatar
d3adf001
Posts: 1000
Joined: Thu Mar 29, 2007 4:27 pm UTC
Location: State College, PA
Contact:

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby d3adf001 » Wed May 14, 2008 2:51 pm UTC

Xbehave wrote:Sudo is a tool, suggesting there is only one way to use a tool is just flat out moronic, do you go round and complain when sombody "abuses a hammer" by using it for smashing stuff up.?


actually yes i do. i dont like when people use the wrong tool. ex: use a knife as a screw driver, using a claw hammer as a pry bar and this one REALLY pisses me off using a soldering iron to heat plastics up to bend.

also besides ubuntu where is sudo the "standard" last time i checked every distro that isnt bassed on ubuntu uses su. you CAN install sudo and set it up properly on them but why would you on a desktop?

Xbehave
Posts: 54
Joined: Wed Jan 09, 2008 4:45 am UTC

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby Xbehave » Wed May 14, 2008 3:13 pm UTC

d3adf001 wrote:
Xbehave wrote:just did, i did ctrl+f in konqueror and slocate in konsole and konqueror found the file i was looking for while slocate spewed out a whole list of files in hiden directories too, meaning i saw the result in konqueror 1st


doubtful and even if its true then you have click back 2 times then go at least 3 dirs deep then click on it to open it then the editor has to load. vs slocate then vim <middle click>

nope single click then if its a text file, kate can load in the time it takes my to type nano . maybe im just a slow typer though.

d3adf001 wrote:actually yes i do. i dont like when people use the wrong tool. ex: use a knife as a screw driver, using a claw hammer as a pry bar and this one REALLY pisses me off using a soldering iron to heat plastics up to bend.
The plastic heats up and bends right, the goal is achieved eitherway.

also besides ubuntu where is sudo the "standard" last time i checked every distro that isnt bassed on ubuntu uses su. you CAN install sudo and set it up properly on them but why would you on a desktop?

Not sudo, but the model of having hybrid admin, normal users linked by the normal user being asked to grant admin rights to executables is used in vista & os X. The idea of separate admin accounts for desktops is naive and outdated unless only dealing with security concious people. Even with security concious people hybrid accounts still reap the benefits of most programs running as normal users while allowing a full interface for the admin to get their job done, and if your security conscious you'll have a 2nd non-hybrid account anyway.
GENERATION 20: The first time you see this, copy it into your sig on any forum and add 1 to the generation. Social experiment.

User avatar
Endless Mike
Posts: 3204
Joined: Thu Dec 06, 2007 3:04 pm UTC

Re: Best *nix Desktop Environment/Window Manager/whatever

Postby Endless Mike » Wed May 14, 2008 3:42 pm UTC

d3adf001 wrote:
Xbehave wrote:Sudo is a tool, suggesting there is only one way to use a tool is just flat out moronic, do you go round and complain when sombody "abuses a hammer" by using it for smashing stuff up.?


actually yes i do. i dont like when people use the wrong tool. ex: use a knife as a screw driver, using a claw hammer as a pry bar and this one REALLY pisses me off using a soldering iron to heat plastics up to bend.

also besides ubuntu where is sudo the "standard" last time i checked every distro that isnt bassed on ubuntu uses su. you CAN install sudo and set it up properly on them but why would you on a desktop?

Did you get angry when cavemen used sticks to kill animals?

McGuyver must make your head explode in rage.

User avatar
d3adf001
Posts: 1000
Joined: Thu Mar 29, 2007 4:27 pm UTC
Location: State College, PA
Contact:

Re: The value of Sudo

Postby d3adf001 » Wed May 14, 2008 7:48 pm UTC

well first off it ruins the soldering iron. second off the stick is innovation, sudo isnt. 3rd off mcgyver used all that random stuff because it was the best thing around. if there wasnt su then sure using sudo bash or just sudo would work. also dont give the the mcgyver crap i love hacking.

Masuri
Posts: 536
Joined: Sun Jul 22, 2007 8:23 pm UTC

Re: The value of Sudo

Postby Masuri » Wed May 14, 2008 8:29 pm UTC

Sudo is a pretty useful tool when used correctly. It's also a great hack for smart people to get around stupid people's rules.

Clearly, there are smart ways and stupid ways to use sudo, just like the screwdriver set or clawed hammer. If you are stupid about it, there's no difference between giving them the root password. Yes, I have to type in my password to be able to just log in as root - but then, of course, I can just blow away the log! There is a practical application for this, though, and that is getting around dumb ass corporate rules. At my work, we're not allowed to know the root password for audit reasons, so we just set up sudo to be able to su - root. Problem solved, auditors appeased, work continues as normal. So, while stupid people use this feature incorrectly, smart people can exploit it for gain.

In a responsible environment where trickery is not required, the sudoers file is brilliant. For my own work, I need to run 2 commands as root to administer the product I work on. /opt/ctmag/ctm/scripts/shut-ag and /opt/ctmag/ctm/scripts/start-ag. There is no way in hell that I would ever, ever, ever be allowed to have the root password on most machines, but if I tell them to give me access to invoke those commands and only those commands as root via sudo, I don't need root access - and I don't have to bother the system admin to do anything for me. Win/win.

I think that a lot of people don't bother to take the time to understand that sudo is not just a 'put in your password to become root with no restrictions' tool. That's just the simplest, lamest implementation of it. This kind of thinking leads to histrionics and suffering and fights - kind of like this one. As a user, I am more than willing to just use sudo to invoke my two commands with no harm to the system and no inconvenience to the system admin. However! If you choose not to give me access to run my little commands, I am more than willing to page you at 3am to get your sorry ass out of bed, have you log in to the server, wait while you submit an EIDRS to break glass to get the root password 25 minutes later, let you log in and type the command I need. Then you get to file an emergency change management form which will then be reviewed by the production assurance committee and then either be approved or denied after they question you about the necessity of using the break glass system for 3 days... As a user, that's okay with me, too. ;)

So... the value of sudo is undeniable in certain situations. You just need to be smart about how you use it.

zenten
Posts: 3799
Joined: Fri Jun 22, 2007 7:42 am UTC
Location: Ottawa, Canada

Re: The value of Sudo

Postby zenten » Wed May 14, 2008 8:34 pm UTC

Masuri wrote:Sudo is a pretty useful tool when used correctly. It's also a great hack for smart people to get around stupid people's rules.

Clearly, there are smart ways and stupid ways to use sudo, just like the screwdriver set or clawed hammer. If you are stupid about it, there's no difference between giving them the root password. Yes, I have to type in my password to be able to just log in as root - but then, of course, I can just blow away the log! There is a practical application for this, though, and that is getting around dumb ass corporate rules. At my work, we're not allowed to know the root password for audit reasons, so we just set up sudo to be able to su - root. Problem solved, auditors appeased, work continues as normal. So, while stupid people use this feature incorrectly, smart people can exploit it for gain.

In a responsible environment where trickery is not required, the sudoers file is brilliant. For my own work, I need to run 2 commands as root to administer the product I work on. /opt/ctmag/ctm/scripts/shut-ag and /opt/ctmag/ctm/scripts/start-ag. There is no way in hell that I would ever, ever, ever be allowed to have the root password on most machines, but if I tell them to give me access to invoke those commands and only those commands as root via sudo, I don't need root access - and I don't have to bother the system admin to do anything for me. Win/win.

I think that a lot of people don't bother to take the time to understand that sudo is not just a 'put in your password to become root with no restrictions' tool. That's just the simplest, lamest implementation of it. This kind of thinking leads to histrionics and suffering and fights - kind of like this one. As a user, I am more than willing to just use sudo to invoke my two commands with no harm to the system and no inconvenience to the system admin. However! If you choose not to give me access to run my little commands, I am more than willing to page you at 3am to get your sorry ass out of bed, have you log in to the server, wait while you submit an EIDRS to break glass to get the root password 25 minutes later, let you log in and type the command I need. Then you get to file an emergency change management form which will then be reviewed by the production assurance committee and then either be approved or denied after they question you about the necessity of using the break glass system for 3 days... As a user, that's okay with me, too. ;)

So... the value of sudo is undeniable in certain situations. You just need to be smart about how you use it.


No one was arguing that it is totally useless. The argument is on a desktop machine, for a home user, does it make sense to use it over just switching over to root?

Xbehave
Posts: 54
Joined: Wed Jan 09, 2008 4:45 am UTC

Re: The value of Sudo

Postby Xbehave » Wed May 14, 2008 8:49 pm UTC

zenten wrote:No one was arguing that it is totally useless. The argument is on a desktop machine, for a home user, does it make sense to use it over just switching over to root?

Did you really just ask if it makes sense to give admin users the ability to run programs as root (like vista/mac/ubuntu) instead of giving them a root account and asking them not to use it (like XP) makes sense on desktops?
GENERATION 20: The first time you see this, copy it into your sig on any forum and add 1 to the generation. Social experiment.

User avatar
d3adf001
Posts: 1000
Joined: Thu Mar 29, 2007 4:27 pm UTC
Location: State College, PA
Contact:

Re: The value of Sudo

Postby d3adf001 » Wed May 14, 2008 8:51 pm UTC

Masuri wrote:Clearly, there are smart ways and stupid ways to use sudo, just like the screwdriver set or clawed hammer. If you are stupid about it, there's no difference between giving them the root password.


i think he made his point. or mybe im taking it so that it fits my side, either way i totally agree with what he said its just a question of extending it to a desktop. and i dont see any reason to have more lax security on a desktop because it isnt a work machine. but then again im anal about security.

Xbehave wrote:Did you really just ask if it makes sense to give admin users the ability to run programs as root (like vista/mac/ubuntu) instead of giving them a root account and asking them not to use it (like XP) makes sense on desktops?


xbehave giveing someone the root password isnt like XP. if you have the root password you dont run as root. you run as the normal user then su do what you have and then leave. unlike xp nothing works unless you are admin. also i bolded it so it sinks in.

User avatar
ash.gti
Posts: 404
Joined: Thu Feb 07, 2008 1:18 am UTC
Location: Probably a coffee shop.

Re: The value of Sudo

Postby ash.gti » Wed May 14, 2008 9:15 pm UTC

Su and sudo are effectively the same IMO.

They both allow you to royally f-things up.

Heck, just do sudo -s and you're effectively doing su anyway.

I don't feel either ones more secure, but you can keep a better track record with sudo.
# drinks WAY to much espresso


Return to “Religious Wars”

Who is online

Users browsing this forum: No registered users and 9 guests