[olug] Ubuntu, cant su root
Christopher Cashell
topher-olug at zyp.org
Fri Jul 24 23:04:32 UTC 2009
On Fri, Jul 24, 2009 at 3:15 PM, adunlop<techworld.mail at gmail.com> wrote:
> I do most of my work as root. If you don't know the specific and
> detailed consequence of the command you're about to run, you shouldn't
> be running it as any user. If you haven't double-checked the command
> before you hit enter you deserve what's coming. I think that using
> sudo to keep yourself from causing damage is a sloppy way of doing shop.
I'm gonna have to disagree with this.
First of all, running with sudo forces you to think a tiny extra
little bit about what you're running before you do it. It also helps
prevent many of the problems that plague the Windows world
(worms/trojans taking over machines due to user error/carelessness).
Finally, everyone makes mistakes. Simple things, like sudo, that can
help reduce them are well worthwhile.
Additionally, and perhaps more importantly, sudo gives you an audit
trail of who ran what. This is a good practice in any environment,
and a hard requirement in some.
Finally, if you're using a centralized authentication system, such as
LDAP, you can store your sudoers configs in LDAP. This gives you a
central place to update and manage user privileges and access. That's
where things really start getting cool.
> And with anything else, don't run untested commands on a production
> box, and keep backups of all work.
Best practices are important, and I definitely agree with those.
However, I've seen way too many human errors take down systems (and
even if you have backups, having a machine down for an hour while
you're restoring it can be very, very bad).
--
Christopher
More information about the OLUG
mailing list