[sf-lug] GKsu has long been EOLed

Rick Moen rick at linuxmafia.com
Sat Feb 16 10:53:03 PST 2019


Quoting Akkana Peck (akkana at shallowsky.com):

> You make an excellent point. I'd just been taking this "allowing
> ssh as root is horribly dangerous" gospel without examining it.

And, if you think about it, the way Ubuntu and similar distributions use 
sudo is pretty questionable from a security standpoint, too:  It
conditions the user to think of root privilege as just a bureaucratic
detail with a command prefix, and not even requiring a separate
password.  IMO, it makes root mishaps _more_ likely, not less.

There are other ways to use sudo, e.g., making escalating to system
privilege require a separate, root-specific password rather than just
using the admin user's regular password.  (Aside from that, the BSD
practice of restricting even the ability to escalate privilege to
members of a 'wheel' group has a lot of merit, and can be implemented on
Linux with a little PAM adjustment.)

Personally, I prefer the old-school conceptual model, where root is just
a dramatically different user reached by doing 'su -', whereupon the
shell prompt changes from '$' to '#', to remind you that you are now
playing with fire, need to watch your step, and should probably exit
that subshell and drop root privilege as soon as possible.  My friend
Richard Couture, who owned and ran the famous CoffeeNet Linux-based
Internet cafe in South of Market, SF, used to further underline that
point by causing all root-user xterm windows to have a red background.

Works for Me.[tm]


> Oh, yes, I certainly agree with that -- which is why I don't run
> any of those defaults. 

(Reminds me, aka please pardon the slight change of subject:)  It's easy
to forget, when you're a software nerd, that, by and large, when you
talk to the general public and diligently detail for them how they
should customise their software, that they're going to nod and listen
and sound receptive -- but then do _absolutely nothing_.

This was a lesson computer nerds learned only slowly after the Great
Unwashed discovered the Internet, and especially after the Year of
Endless September (https://en.wikipedia.org/wiki/Eternal_September),
1993, when AOL opened its Internet gateway.  You can still find all
manner of nerd-written, optimistic FAQs where we of the computerist
community patiently and concisely explained how to do interleaved
quoting, how and why to trim quotations, why HTML and binary attachments
have no place on Usenet and mailing lists, and so on.  

All of that documentation and assiduous help had approximately zero
effect, because the experts giving that assistance simply couldn't
conceive of _never touching the defaults_ -- yet, that's how Joe and
Jane Sixpack do their computing.  Every.  Time.

Except, of course, when they get social-engineered into downloading and
installing (malware) 'toolbars' into their Web browsers and such.


[apulse:]

> THANK YOU! What a wonderful option, which I will definitely try.

You're very welcome.  I hope it does the trick.
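
[Added example, not part of the message above: a small shell audit for the two measures it mentions, a root-specific password for sudo and wheel-only escalation through PAM. It assumes these are done with the sudoers `rootpw` flag and `pam_wheel.so` in the su PAM stack (the message names neither); the function names are hypothetical and the sample file contents are constructed.]

```shell
#!/bin/sh
# Added example, not from the original post. Sample file contents are constructed.

# True if a global Defaults line in sudoers file $1 leaves "rootpw" enabled,
# so sudo asks for root's password instead of the invoking user's.
sudo_asks_root_password() {
    awk '
        { sub(/#.*/, "") }                        # drop comments
        $1 == "Defaults" {
            sub(/^[ \t]*Defaults[ \t]+/, "")
            n = split($0, opt, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", opt[i])
                if (opt[i] == "rootpw")  on = 1
                if (opt[i] == "!rootpw") on = 0   # a later negation wins
            }
        }
        END { exit(on ? 0 : 1) }
    ' "$1"
}

# True if PAM file $1 (e.g. /etc/pam.d/su) has an uncommented
# "auth required pam_wheel.so" line.
su_restricted_by_pam_wheel() {
    awk '
        { sub(/#.*/, "") }
        $1 == "auth" && $2 == "required" && $3 ~ /(^|\/)pam_wheel\.so$/ { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Write constructed samples (sudo-group default vs. hardened) into directory $1.
make_samples() {
    printf '%s\n' 'Defaults env_reset' '%sudo ALL=(ALL:ALL) ALL' > "$1/sudoers.default"
    printf '%s\n' 'Defaults env_reset, rootpw' '%wheel ALL=(ALL) ALL' > "$1/sudoers.hardened"
    printf '%s\n' 'auth sufficient pam_rootok.so' '# auth required pam_wheel.so' > "$1/su.default"
    printf '%s\n' 'auth sufficient pam_rootok.so' 'auth required pam_wheel.so use_uid' > "$1/su.hardened"
}

# Print one verdict per check for sudoers file $1 and PAM su file $2.
report() {
    sudo_asks_root_password "$1" && echo "sudo: asks for root's password" ||
        echo "sudo: the user's own password suffices"
    su_restricted_by_pam_wheel "$2" && echo "su: gated by pam_wheel" ||
        echo "su: open to anyone who knows root's password"
}

tmp=$(mktemp -d) && make_samples "$tmp" && report "$tmp/sudoers.default" "$tmp/su.default" &&
    report "$tmp/sudoers.hardened" "$tmp/su.hardened"
rm -rf "$tmp"
```

[On a real host, point `report` at /etc/sudoers and /etc/pam.d/su; files under /etc/sudoers.d and per-user `Defaults:` entries are not examined by this sketch.]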



