Hi, ----- On 12 Feb, 2015, at 14:43, Chris Jones [email protected] wrote:
> I would actually argue allowing port to run via sudo without requiring a > password could be viewed as improving security. By allowing 'sudo port' > to run without a password, you never have to authenticate, which means > sudo never enters into its state where it can run *any* command without > a password. This means running > > > sudo port XYZ > > sudo <something bad> > > will prompt you for a password on that second command, because the first > does not require one. If you had to enter a password for the first > command, then the second would just run... No, this improves safety, not security. It's fine if that's your use case, and I completely agree with it. The moment you allow "sudo port" without password you give your user account passwordless sudo privileges. Personally, I have a hardware token I use to ease the pain of typing my sudo password a lot. I have configured my PAM to allow sudo either if challenge-response with my token succeeds or the password is correct. This way I can just plug in the token when I know I'm going to run a couple of commands that need sudo in a row. -- Clemens Lang _______________________________________________ macports-dev mailing list [email protected] https://lists.macosforge.org/mailman/listinfo/macports-dev
