[LINK] Ubuntu

[grove at zeta.org.au]

On Fri, 13 Mar 2009, Fernando Cassia wrote:

> Why people insist on using sudo? is it too much work to tell the user
> type "su" enter your admin password, and then go on with the procedure as root?

Sudo lets the user gain root privilege without knowing the root 
passwd.

In my world, it means I can set the root passwd to be anything I like,
set it in a redbook and forget it until it is required.  Meanwhile 
I can give users power without (too much) privilege.

Then we can use sudo, which offers a crude role management
structure to permit/deny users to gain root services in general 
or specific contexts.

Also, the root user may not have a well filled out $ENVIRONMENT 
and sudo allows the user to carry forward their own environment 
to their root status, for better or worse....

When you have a large multiuser environment, you do not want 
to be handing the root passwd out to clueless users, bogans,
wild monkeys or even experienced users as you will soon lose 
control of your systems so sudo works well there.

Sudo is fundamentally no different than setting an "admin" passwd
and user on an MSW system then providing a subset of the 
privileges using a standard user account to accomplish the same end.

There are much more complex/structured/expensive ways of doing 
this without sudo, but it rules for now.

I am working on an IDM project right now, part of my role 
is the provisioning of UNIX services.   Sudo is definitely
part of this for the foreseeable future because it is so 
easy to setup etc compared to RBAC, role managers and the like.

> sudo carries its own set of problems that are totally overkill for the
> end user, sometimes a given comment is not allowed to be used with
> sudo, hence you have to tell the user to edit "etc/sudoers" and the
> like.

So we give away the root passwd and it is treated with disdain 
after a while and treated like a party toy to be passed 
around and left exposed after a few months to make life easier.

> I don't understand the insistence on using gzip either when just a
> .zip would suffice. with gzip you have to enter a parameter whereas
> with zip you just 'unzip file.zip'. Zip and unzip are part of every
> distro nowadays. Not to mention the relic of .tar.gz files...

If you want to extract a single element from a zip file,
what do you do?

gz/tar are there not just for compressing files for archiving. 
They are resource centres for source code and binary packages.

I can search a tar.gz file extremely efficiently, cracking open 
an archive, examine/extract a source file or binary and not have 
to completely unpack the archive to do so.   I may be mistaken
but tar/gz also allows you to perform text functions on an archive 
using various toolkits, that zip does not.

Now, let me whinge about .rar format - there's a real stinker 
right there.

I use all the tools mentioned above and love the diversity that 
UNIX allows.   Let one million flowers bloom!


rachel

-- 
Rachel Polanskis                 Kingswood, Greater Western Sydney, Australia
grove at zeta.org.au                http://www.zeta.org.au/~grove/grove.html
 		The price of greatness is responsibility.