On Jul 27, 2015 02:48, "Jonas Große Sundrup" <[email protected]> wrote: > > Johannes Löthberg wrote: > > If the user has access to the root password, why is their sudo commands > > so limited in the first place? > > For example one could use sudo to whitelist certain commands for certain > users, whereas the administrator still uses su for general system > maintenance (especially if the administrator is not really using that > system and basically just uses the root-account for system maintenance; > for building packages you could easily do "su pkguser" as root without > needing a password and build packages that way).
If 'pkguser' is a dedicated user for building packages, why wouldn't it have sudo configured for properly building packages? If it's a shared user, make a dedicated user? > An other option is using sudo to whitelist network-related stuff to be > able to switch networks or run "netctl-auto list" without entering a > password etc. and use su for password-protected root-operations. > If you combine that with an autologin for the user, the user doesn't > even have to remember the userpassword. This is irrelevant to makepkg configuration. > In both scenarios one would need su for packet installations while sudo > is still installed. Sorry, I'm still not understanding your use case and why this shouldn't be solved by properly configuring sudo.
