Path: ...!weretis.net!feeder9.news.weretis.net!tncsrv06.tnetconsulting.net!tncsrv09.home.tnetconsulting.net!.POSTED.omega.home.tnetconsulting.net!not-for-mail From: Grant Taylor Newsgroups: comp.os.linux.misc Subject: Re: Yet Another New systemd Feature Date: Wed, 8 May 2024 20:44:21 -0500 Organization: TNet Consulting Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Injection-Date: Thu, 9 May 2024 01:44:21 -0000 (UTC) Injection-Info: tncsrv09.home.tnetconsulting.net; posting-host="omega.home.tnetconsulting.net:198.18.1.140"; logging-data="21175"; mail-complaints-to="newsmaster@tnetconsulting.net" User-Agent: Mozilla Thunderbird Content-Language: en-US In-Reply-To: Bytes: 2468 Lines: 33 On 5/8/24 01:27, Marc Haber wrote: > I have not worked in a single environment where the root password was > common knowledge. There's common knowledge of, or accessibility to, the root (or pick your target account) password and then there's using it daily to get to root. My current day job uses su to get to root multiple times a day. But that's because I've not been there long enough nor had the opportunity / free time to migrate to sudo or ksu (but we don't have Kerberos in the Unix environment). I've already talked about it with co-workers and management and have gotten a nod of approval to put together a plan to implement sudo. But time is a scares resource. > All environments I have worked in used personalized sudo to escalate > privileges. One even (the best one!) encouraged people not to escalate > to a root shell but type sudo for every single command as this leaves > a nice audit trail. That is where I want us to get to. > Doing so is considerably easier on Debianesque systems than in the > Red Hat world due to the more open directory permissions in Debian. Please elaborate. I've not noticed any difference in implementing sudo on Debian vs Red Hat. Or are you alluding to group / other permissions to access things without needing to use sudo? -- Grant. . . .