On Wed, Mar 28, 2012 at 10:19 AM, Joe Zeff joe@zeff.us wrote:
On 03/28/2012 08:29 AM, Reindl Harald wrote:
on a usual desktop PC with a standard-user it is a VERY bad idea because any attacker only needs to try "sudo anything" to get full control over the machine
My thoughts exactly. Except under very unusual circumstances I'm the only person who ever uses this PC, but I don't have sudo set up with nopassword. In fact, as I know the root password (being the person who installed Fedora) I don't have sudo set up at all. AIUI, sudo was written to allow people *who don't have the root password* limited access to administrative commands.
Yes, I understand that there are times you have to use sudo instead of su in a production environment to ensure that everything gets logged, but I've never understood why anybody would do it at home. YMMV and all that jazz, but if this is a home box, I'd suggest asking yourself why you're bothering with sudo in the first place.
In my case, it's because `sudo yum update` requires 3 less keystrokes `su -c 'yum update'`. ;-)
I generally only need root for one-off commands and IMHO sudo's syntax for that is far nicer than su's.
-T.C.