Albert van der Horst
albert at spenarnc.xs4all.nl
Thu Jan 8 14:37:16 CET 2015
In article <mailman.17471.1420721626.18130.python-list at python.org>,
Chris Angelico <rosuav at gmail.com> wrote:
>On Thu, Jan 8, 2015 at 11:43 PM, Albert van der Horst
><albert at spenarnc.xs4all.nl> wrote:
>> I don't trust sudo because it is too complicated.
>> (To the point that I removed it from my machine.)
>> I do
>> su nobody
>> Who needs sudo?
>With sudo, you get MUCH finer control. I can grant some user the power
>to run "sudo eject sr0", but no other commands. I can permit someone
>to execute any of a large number of commands, all individually logged.
>I can allow sudo to other users than root, without having to reveal
>those accounts' passwords (chances are they don't even have
You've answered it. sudo works for a system with a very
knowledgeable system administrator and at least one other user.
Not for an electronic engineer who uses Python on his Raspberry Pi.
>But sure. If you want to cut out complication, dispense with user
>accounts altogether and run everything as root. That's WAY simpler!
I've no problem explaining to an electronic engineer not to do this,
while not offering him to do the system administration for him.
Having a separate account for system things is a useful distinction
that he can grasp and handle easily. Beyond that he is indeed inclined
to do everything as root, because what he wants is to make a turnkey to
feed his gold fish.
So a separate root account is the best protection for a single user
system. For quite a considerable part of the systems around,
sudo is over the top and stimulates no protection at all, i.e.
what I'd call counter productive.
I can save a 4-years olds life by imprinting on him to
stay on the side walk.
Albert van der Horst, UTRECHT,THE NETHERLANDS
Economic growth -- being exponential -- ultimately falters.
albert at spe&ar&c.xs4all.nl &=n http://home.hccnet.nl/a.w.m.van.der.horst
More information about the Python-list