[CentOS] Orwell's 1984 from Freedesktop.org?

Fri Jan 23 20:05:59 UTC 2015
Warren Young <wyml at etr-usa.com>

On Jan 23, 2015, at 12:35 PM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote:

> As a matter of fact I tend to not use GUI admin tools since long ago.

Bring back Xconfigurator!

> I do prefer 3ware web RAID admin
> interface to anything else (it more transparently prevents me from making
> fatal blunders - probably just me).

No, not just you.  tw_cli is needlessly confusing in its command structure.

Compare the operation of the ZFS and btrfs command line tools, to see how it should have been done.

> And yes, disabling root user and having sudo instead is on my evil list
> too: yet another SUID-ed binary, and potential holes due to some garbage
> in config file…

Given how old and battle tested sudo is, I think we can trust it.

My only remaining unease comes from the fact that the sudo binary is about 4x the size of su.

Still, I’m glad RH finally made it usable out of the box with EL7.  The default config in prior versions was only usable by root, which made it little other than an alias for su.

> BTW, su (with the same password for root as regular user
> has), and attempt to use sudo are the first two things bad guys try when
> they log in with stolen password of regular user (after a compromise of
> machine elsewhere).

So don’t use the password for root or sudo-capable users elsewhere.  If you don’t know for a fact that the connection is secure and the password is securely hashed, use a different password.

Sudo offers many advantages that sudo does not, which counterbalance its risks, IMHO.