On 06/13/2014 02:20 AM, Dirk Gently wrote:
The purpose of sudo is to allow a non-privileged user to execute a limited number of commands as root, WITHOUT giving the root password to the user.
The purpose of sudo is to allow the system administrator to delegate to a non-privileged user a limited number of commands by appropriate configuration
Both Ubuntu and openSuSE are set up wrong.
In that 'out of the box' they are not set up to the specific needs of any particular system, yes.
If the user has the root password, then they can just use su, and do anything with that. That's the problem with the openSuSE configuration.
That's the problem with the 'out of the box' configuration that has not been customized to specific site needs by the system administrator. Many packages, Postfix, Samba, Dovecot and more are in this category.
If the user can do ANYTHING with sudo, then, they can do ANYTHING as root. That's the prbolem with the Ubuntu configuration.
The problem is really 'learned disability' and treating the user of a single-user system as if he was a sophisticated and experienced system administrator. This 'dumbing down' was epitomised by Microsoft with MS-DOS and early Windows where the end user had sysadmin privileges simply because there was no access control. Dijkstra talks of languages such as COBOL crippling the mind. I get to wonder about the security attitudes people whose first system was MS-DOS or early Windows, sometimes. I also get to wonder about people who expect complex systems that don't have an 'idiot stick' front end[1] to be managed without specific administration and configuration. After all, what are sysadmins for if not to understand the needs of the users and make sure the system meets those needs? What was that? "BoFH"? Oh, right! []1 A car is an example of that. The mechanical, chemical, electrical and electronic complexity is immense, but kids and grandmothers can drive one. All it takes is two pedals and steering wheel. -- /"\ \ / ASCII Ribbon Campaign X Against HTML Mail / \ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org