Even if you do not restrict their priveledges, sudo gains you things like logging and the capability to prevent root from being able to login at all. Plus it encourages the (yuck... business term) Best Practice of not using root privledget unless you absolutely have to.
-Jere On Wed, Jan 22, 2003 at 04:48:31PM +0100, Holger Smolinski wrote: > Why not use 'sudo' for getting (restricted) root privileges? > > Best Regards > Holger Smolinski > -- > Dr. Holger Smolinski, Linux on zSeries Service > IBM Deutschland Entwicklung GmbH,Sch�naicher Str. 220, 71032 B�blingen > FAX: +49-7031-16-3456, Tel. +49-7031-16-4652 > > > |---------+----------------------------> > | | "Nix, Robert P." | > | | <Nix.Robert@mayo.| > | | edu> | > | | Sent by: Linux on| > | | 390 Port | > | | <[EMAIL PROTECTED]| > | | IST.EDU> | > | | | > | | | > | | 22.01.03 16:40 | > | | Please respond to| > | | Linux on 390 Port| > | | | > |---------+----------------------------> > >>---------------------------------------------------------------------------------------------------------------------------------------------| > | > | > | To: [EMAIL PROTECTED] > | > | cc: > | > | Subject: Re: ssh success and yet another question > | > | > | > | > | > >>---------------------------------------------------------------------------------------------------------------------------------------------| > > > > We have several people w/ UID 0 (a practice I'm not sure is good...), all > with their own home directories, and have not yet found any problems. > > ---- > Robert P. Nix internet: [EMAIL PROTECTED] > Mayo Clinic phone: 507-284-0844 > RO-CE-8-857 page: 507-270-1182 > 200 First St. SW > Rochester, MN 55905 > ---- "Codito, Ergo Sum" > "In theory, theory and practice are the same, > but in practice, theory and practice are different." > > > > -----Original Message----- > > From: Post, Mark K [SMTP:[EMAIL PROTECTED]] > > Sent: Wednesday, January 22, 2003 9:18 AM > > To: [EMAIL PROTECTED] > > Subject: Re: ssh success and yet another question > > > > Lonny, > > > > True, but most of the documentation tells you to define superusers as > having > > a home directory of "/". In the early days, some things would break if > you > > did not. I haven't checked lately, so I don't know if that's changed at > > all. > > > > Mark Post > > > > -----Original Message----- > > From: Sivey,Lonny [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, January 22, 2003 10:07 AM > > To: [EMAIL PROTECTED] > > Subject: Re: ssh success and yet another question > > > > > > Mark, > > > > There are many things to complain about with Unix System Services, but > > that's not one of them. Each user can have a different home directory > > regardless of whether or not they run as UID(0). The home directory is > set > > in the user's OMVS segment. This is assuming you are using Security > Server > > (RACF). I'm not sure how 3rd party security products implement this. > The > > $HOME variable will be automatically set to the value in the user's OMVS > > segment. > > > > Lonny > > > > -----Original Message----- > > From: Post, Mark K [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, January 21, 2003 4:58 PM > > To: [EMAIL PROTECTED] > > Subject: Re: ssh success and yet another question > > > > > > Unfortunately, "/" is the home directory for root users on Unix System > > Services. Yet another example of IBM getting it wrong in that > environment. > > :( > > > > Still, I just did a test on a z/OS 1.2 system: > > mkdir //.ssh/ > > worked by creating /.ssh as I expected it to. > > > > Paul, are you running with a read-only root HFS? If so, then you'll have > to > > set the HOME environment variable. If not, simply creating the .ssh > > directory should work. > > > > Mark Post > > > > -----Original Message----- > > From: Tzafrir Cohen [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, January 21, 2003 4:43 PM > > To: [EMAIL PROTECTED] > > Subject: Re: ssh success and yet another question > > > > > > On Tue, 21 Jan 2003, paultz wrote: > > > > > > > > Now everything is talking, and the only annoyance is this: > > > When I answer "Yes" to the question of "Are you sure you want to > > > continue connecting (yes/no)?", I get: > > > "Failed to add the host to the list of known hosts > (//.ssh/known_hosts)." > > > > HOME seems to be set to '/' > > > > Are you doing this as root or as a normal user? > > > > Either way, set HOME to the correct value. > > > > -- > > Tzafrir Cohen > > mailto:[EMAIL PROTECTED] > > http://www.technion.ac.il/~tzafrir > ---end quoted text--- -- --------------------------------------------------------------------- | Jere Julian, RHCE, CCNA Cisco Systems, Inc. ITD - IBM Sustaining | | mailto:[EMAIL PROTECTED] 7025 Kit Creek Rd, RTP, NC 27709 | ---------------------------------------------------------------------
msg11228/pgp00000.pgp
Description: PGP signature
