[LUNI] Ever heard of SimplyMEPIS Linux?

[Martin Maney]

On Mon, Feb 12, 2007 at 07:51:47AM -0700, Mike Scott wrote:
> I oftyen wondered why *NIX never preached this procedure although the
> usernames are for us humans and the UID of root would still be 0.  I
> kind of like the sudo idea.

Tradition, that root-is-UID-zero thing, and maybe the consideration
that in order to use a strict sudo approach you must have the sudo
program, and that inevitably means yet more code (even if not *very*
much more) that's critical to security.  On the whole I rather like it,
but there's room for differences of opinion.

> I would imagine using (K)ubuntu in a production environment, you would
> have a user or group of users, that could sudo to full admin rights. 
> You could then dole out admin rights on a per-application basis to
> lower admins.

Another advantage of sudo when you have mutiple admins is that if
they're good about using sudo per command there's some record of what's
been donethat may help untangle confusions.  Surely the other Chinese
ideogram for "trouble" is two admins logged into one box...

-- 
the warfare on the cutting edge of any science draws attention
away from the huge uncontested background, the dull metal heft
of the axe that gives the cutting edge its power.  -- Dennett