On Dec 14, 2011, at 4:21 PM, Sean Conner wrote:
It was thus said that the Great Richard once
stated:
In article <539CFBE84C931A4E8516F3BBEA36C7AA4D7E8D75 at 505MBX1.corp.vnw.com>,
Rich Alderson <RichA at vulcan.com> writes:
That's an awful lot of schratzing around to
accomplish what a simple
GUNRUP% sudo /bin/bash
will do for you. (I use this frequently on my Snow Leopard system.)
Is there some reason you don't do 'sudo -i'?
Basically, yes. I *loathe* sudo [1], so the less I have to use it, the
better. I made the assumption that sudo bash (or any other number of
commands that have been presented) were locked, because what's the *point*
of sudo if you can just simply do "sudo bash"? [3]
The point is so you don't do something stupid accidentally, like "chmod -R
666 /". It's just a safety; it's not meant to lock people out of having
root
shells, it's just to prevent them from doing it routinely. It's been useful
to me in that respect, as it has prevented me from doing stupid things
accidentally because I wasn't in a root shell.
It also has the alternate function of granting limited admin powers to
non-superusers, but I would argue that anything other than a whitelist of
commands is asking for trouble in that regard (and it's probably just not a
great idea in general, given how many programs have doors out the side, like
vi).
It depends. For instance on workstations you might grant the official
user of the machine unlimited sudo access, using it just as a conscious
barrier: "cross this line and you can _really_ break stuff". Backstop
that with a standard configuration management system (like cfengine) to
keep the machine automagically within the standard setup.
Kind regards,
Alex.
--
"Opportunity is missed by most people because it is dressed in overalls and
looks like work." -- Thomas A. Edison