Deutsch English Français Italiano |
<v8d307$1htj8$1@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!feeds.phibee-telecom.net!3.eu.feeder.erje.net!feeder.erje.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: The Natural Philosopher <tnp@invalid.invalid> Newsgroups: comp.os.linux.misc Subject: Re: Wonderful Windows Zaps Banks/Transport/Media after "Update" Yesterday Date: Wed, 31 Jul 2024 11:17:43 +0100 Organization: A little, after lunch Lines: 54 Message-ID: <v8d307$1htj8$1@dont-email.me> References: <LhednausWIoLFwf7nZ2dnZfqnPidnZ2d@earthlink.com> <87h6cl74ix.fsf@tilde.institute> <v7gf9l$3i29q$3@dont-email.me> <slrnvajisi.3e0ab.candycanearter07@candydeb.host.invalid> <v8cjq4$1f67q$1@dont-email.me> <v8csn4$1go7v$2@dont-email.me> <wwv7cd1vrrw.fsf@LkoBDZeT.terraraq.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Injection-Date: Wed, 31 Jul 2024 12:17:44 +0200 (CEST) Injection-Info: dont-email.me; posting-host="4b9d1cb77276f694d5b86cef6dd9b926"; logging-data="1635944"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18JNF6LSk8rXkgMA7LzauinlHW8pYTabNY=" User-Agent: Mozilla Thunderbird Cancel-Lock: sha1:K4d1KPG1SDVrqO1+jUdECUjG1XI= Content-Language: en-GB In-Reply-To: <wwv7cd1vrrw.fsf@LkoBDZeT.terraraq.uk> Bytes: 3669 On 31/07/2024 10:23, Richard Kettlewell wrote: > The Natural Philosopher <tnp@invalid.invalid> writes: >> On 31/07/2024 06:58, Bobbie Sellers wrote: >>> "Sudo" is a bad implementation which replaced "su". >>> which invoked superuser privileges. You had to use your root >>> account password but Ubuntu decided that was dangerous so to invoke >>> the same privileges you can use your user accont passwork. >>> Canonical thought apparently that it was asking too >>> much of their projected userbase to remember User account >>> password and root password. >> >> Sudo allowed tailored access by certain users to certain root >> privileges, that su did not. >> >> It's a reasonable admin tool for a multiuser system. >> >> But who tuns a true multiuser system these days especially one where >> users can do simple admin? > > Even disregarding hobbyists, more than zero but I expect the number is > indeed rather small. > > There’s a few points here: > > * You can still set a root password and use ‘su’ on Ubuntu systems if > that’s what you want. Canonical are not enforcing a policy here, just > setting a default. > > * The ‘sudo instead of su’ model is common everwhere, not just Ubuntu; I > expect the motivation for the default setup on Ubuntu is > simplification, not any theories about who can remember how many > passwords. > > * Trusting sudo to enforce the a tailored access model is somewhat > optimistic given its CVE record, and the general record of the setuid > model that underpins it. > > * By escaping the setuid model run0 may improve on this issue, though it > brings other kinds of complexity with it; how it balances out is > probably a question for a few years time. > > * In the single-user context, sudo effectively creates the model that > your single user account has privileges equivalent to root, but that > you must explicitly mark any privileged operation. The former is just > acknowledging reality, the latter is a useful guard against accidents. > +1 to all of that. I use sudo if its just one thing I need to do, but if its messing with config files and restarting daemons, I use su - -- Microsoft : the best reason to go to Linux that ever existed.