Have you read their page about sudo? Gives some pretty good insight. For bonus points, at the bottom of that page are links for security and administration.
In my home pc, I don’t use sudo because my wife is the main user, and in the ultra rare occasion I need to be root in the command line (for example, if she didn’t update packages from the GUI for long, I’ll update but I like aptitude better), then I use su. It’s a LTS 18.04 Kubuntu btw. Real users don’t need root. Distro hoppers and tinkerers (nothing wrong with it) do.
On servers, I also use su. I ssh as a normal user (root ssh is usually disabled), then often immediately su, as if I’m logging into the server, it’s for root work. I sometimes su - down to some specific “service” user to do that user’s tasks (such as git on a gitlab server, or ndbadm on a HANA DB server).
I only tinker with sudo if I want to create users that will have one single purpose, which needs root permissions, such as restarting a service. In this case that user will be in the sudoers file, with permission for a single script or command, and often that command will be its default shell in /etc/passwd, and someone can ssh (pre shared key) to trigger it if necessary.
This is the one I have and my only problems with it are that it’s a little too big to fit into a smaller purse or something, and it’s a little heavy. I can charge my phone and small tablet to full close to 20 times before it needs to be recharged, and it holds its charge just about perfectly between uses.
If you have root permissions, no amount of security setup can completely keep you from shooting yourself in the foot with things like this. In the end, you’ll need to do the reading and learning.
If you’re admin’ing a multiuser machine, best practice is to use sudo with a carefully curated /etc/sudoers, to ensure that no one has more permissions than they absolutely need.
For cases where you’re the sole human user and also the admin, sudo vs. su is pretty much a wash securitywise (because something always comes up where you need full root permissions, so you can’t give yourself less). It should be sufficient to add your user to groups, never issue a command not related to package management with sudo or an su’d shell without trying it as a user first, and if it doesn’t work as a user, stopping and thinking about why not and what you were trying to do in the first place.
never issue a command not related to package management with sudo or an su’d shell without trying it as a user first, and if it doesn’t work as a user, stopping and thinking about why not and what you were trying to do in the first place.
Thank you ! Because I was always using the root user for everything I also fucked-up my home directories, which really didn’t looked great ! I fixed everything right now (New user, new directory/file system, everything to the correct owner…) and will only add my specific user to the needed groups. I like that workflow, because having to sudo to everything with the root user really give me security concerns ! 👍
After a time, you do get a sense for what has to be done as root and what doesn’t, but giving commands as the root user should be the exception, rather than the rule. The idea is to habituate yourself to using a non-root shell whenever you can.
With great respect, and speaking as someone who has used both very extensively, I would argue Total Commander (on Windows) has got the upper hand of all those traditional NC clones.
kbin.life
Active