[conspire] (forw) Re: Baron Samedit
Rick Moen
rick at linuxmafia.com
Mon Feb 1 14:57:50 PST 2021
----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----
Date: Mon, 1 Feb 2021 14:56:54 -0800
From: Rick Moen <rick at linuxmafia.com>
To: Bruce Coston <jane_ikari at gmx.com>
Cc: [Bruce's long CC list]
Subject: Re: Baron Samedit
Organization: If you lived here, you'd be $HOME already.
Quoting Bruce Coston (jane_ikari at gmx.com):
> Now I and a bunch of others should go check and make sure we stick to
> using a ' real root account ' vs. sudo .
Whether sudo's flaws are tolerable is a judgement call. Obviously, the
recently disclosed coding screwup is a serious one. You could decide
that "Well, this is just that one time" and upgrade sudo. Or you could
decide you don't really need it, on what I call the Facebook theory.
People ask me how I solve Facebook problems, and my standard answer
is: "Simple: No Facebook, no Facebook problems."
Simple way to escalate privilege to a real root account on a system
where you've gotten used to using sudo:
$ sudo su - #Become the root user via sudo
# passwd root #Set a login password for the root user.
# exit
Thereafter, any time you need to briefly wield root authority from the
command line, do:
$ su - #You'll be asked for the root user's password
#
You can then, if you wish, jettison the sudo package.
And for heaven's sake, don't neglect to do "exit" or Ctrl-D
(equivalently) the moment you no longer need root authority.
Be aware that the root user has its own environment variable values, and
in particular has a different $PATH.
If you need to run _graphical_ (X11) applications with root authority,
and are not currently logged into your X11 session as the root user,
then you'll need one of the many "wrapper" approaches to do so.
I have a page describing those measures, old and new, here:
http://linuxmafia.com/faq/Security/root-with-x11.html
Personally, I avoid installing sudo at all on machines where there
aren't special circumstances that make it desirable, e.g., multiple
system administrators collaborating.
----- End forwarded message -----
More information about the conspire
mailing list