Re: Firefox 1.5.0.7 RPM

houghi wrote:
Vahis wrote:
I hope the fixed that in 10.2. OTOH I run YaST with sudo, so I don't
need to enter a password. Go figure. :-)
I need root password to sudo. I have not added myself to sudoers,
because sudoers can do just as stupid things as root. The comfort
there is, though, that they leave a better trace on the logs than
root...

Not true. sudoers can do stupid things as root for those things that yoi
*allow* them to do. This is what I have added in sudoers:
houghi ALL=NOPASSWD: /bin/mount, /bin/umount, /usr/bin/tail,
/usr/lib/YaST2/bin/y2controlcenter

This means I can run /usr/lib/YaST2/bin/y2controlcenter, yet not things
like `rpm -e yast` or `yast -i whatever` or rug or anything else.
Thsi means that I have about the same risk to do stupid things as you
have with zen.

That's cool I admit. I have another reason to require root
password from myself. Although I'm only fooling around with 6
machines I want to be asked for root passwords, I'd forget them
otherwise, since they are pretty strong.

That's exactly what happened to the phone number memory in my
head (there were like 100 to 150 of them, like 50 with a country
and area code) when the numbers got saved in cellphones.

Nowadays I don't remember them at all anymore, not to mention
different country and area codes. I'm happy if I can remember the
names I saved.


sudoers is much more then giving a user root priveliges or not. You can
decide exactly what rights people do get and what they don't get.
You can even take away the ability to do sudo (don't forget to take away
the rights to su as well)

Then you can either add just one or several users to be allowed to do
su and/or sudo or make a group that is allowed to do so and add users
there.

That's what one must do when administrating other users. I'm on
my own, though :)


Then about the tracability. This is what is looged when I do `sudo
/usr/bin/tail -f /var/log/messages`
Sep 17 19:52:15 penne sudo: houghi : TTY=pts/6 ; PWD=/home ; USER=root
; COMMAND=/usr/bin/tail -f /var/log/messages

Naturaly you don't want to type `sudo /dir/to/program`, so you could do
add the following to ~/.alias:
alias tail='sudo /usr/bin/tail'

That way I only have to type `tail -f /var/log/messages`

Now I do normaly a ccze (http://freshmeat.net/projects/ccze/) after a
tail, so for me a script called stail would be easier:

#!/bin/bash
/usr/bin/tail $1 $2 | /usr/local/bin/ccze

Looks interesting, I'll have to look into it closer.

Vahis
--
Sometimes I reply to top posters. Seldom. And usually just once.
Motorcycling, Boating and SUSE Linux:
http://waxborg.servepics.com
.

Relevant Pages

  • Re: Im Beaten
    ... which lists which users are allowed to user "sudo" ... then the command is run as root. ... man sudoers has some examples on how to allow an app to be ran ...
    (Ubuntu)
  • Re: [Full-disclosure] Todd Miller Sudo local root exploit discovered by Slouching
    ... ....but if the 'sudoers' file is correctly configured then you would not ... have the appropriate sudo permission to run the 'sudoedit' as root. ... user is not allowed to execute './sudoedit test' as root on this ... echo Tod Miller Sudo local root exploit ...
    (Full-Disclosure)
  • Re: debian and ubuntu - answer from user not pretending to be guru
    ... convenient, for most things, and I do not like the sudo that Ubuntu uses; ... prefer su - root. ... I'm not looking to criticize your choice, but the setting on Ubuntu to lock ... If you want to use a root password on Ubuntu, ...
    (Debian-User)
  • Re: Firefox 1.5.0.7 RPM
    ... I need root password to sudo. ... because sudoers can do just as stupid things as root. ...
    (alt.os.linux.suse)
  • Re: Im Beaten
    ... sudo is a command that means "do as su. ... then the command is run as root. ... man sudoers has some examples on how to allow an app to be ran ...
    (Ubuntu)