Bob Proulx <b...@proulx.com> writes: > Tyler Smith wrote: >> Doesn't the 'ALL=(ALL) ALL' line give the user unlimited authority >> anyways? > > It isn't about restricting privilege. Both have superuser privilege. > It is about the invocation environment. >
I hadn't thought of that. Makes sense. > Sure if you are the only one using your own machine and nothing else > then it doesn't matter. I do have a habit of forgetting that not everyone is running a single-user laptop! > >> Is there any security benefit to logging in as a user with >> unlimited sudo access over just logging in as root? > > It isn't about security. Although the need to share passwords with su > makes it inherently less secure. > > > Accident prevention is an important safeguard. If you are operating > with your normal command line editing environment then you are less > likely to make mistakes. Thanks for your comments. I'm still not sure about using 'ALL=(ALL) ALL' in general, but at least I understand the other advantages of sudo over su. Cheers, Tyler -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87fwv0ric3....@guruji.demimonde
