To root or not to root?

Christopher Jones jonesc at hep.phy.cam.ac.uk
Tue Aug 13 08:03:59 UTC 2019



> On 12 Aug 2019, at 9:40 pm, Gerben Wierda <gerben.wierda at rna.nl> wrote:
> 
> As I’m working my way to somewhat knowing what I’m doing, I have a question.
> 
> I always set the timeout on sudo on my systems to 0 seconds. So, for every sudo command I enter, I have to type the password. This is somewhat safer than having a timeout (normally 300sec).

What I do is allow ${prefix}/bin/port to run through sudo without requiring a password. You can do this by adding

chris   ALL=(ALL) NOPASSWD: /opt/local/bin/port

This, in my opinion, has two advantages:

1. I never have to type my password for running port
2. Because of 1., sudo never fully authenticates, so if I was to run another command through sudo immediately after port, that command will ask for my password.

In my view, the above is more convenient, and also safer against my accidental bad usage of sudo.

Chris

> 
> This becomes tedious when there are many sudo commands to perform, so in that case, I often revert to running sudo -s or sudo -i, do my work as root and kill the subshell. This has risks too (e.g. doing a wrong rm command, but I’m pretty paranoiac about stuff like rm).
> 
> For my first steps with macports, I’ve run everything as root that way, because I expected there would be changes in /Library/LaunchDaemons etc and I did not want to be typing my password all the time.
> 
> But I’m wondering if I should move back to running everything as ordinary user.
> 
> Are there disadvantages to running port commands as root?
> 
> If I want to revert, what should I chown to that user? How should ownership in /opt be?
> 
> Gerben Wierda
> Chess and the Art of Enterprise Architecture <http://enterprisechess.com/>
> Mastering ArchiMate <http://masteringarchimate.com/>
> Architecture for Real Enterprises <https://www.infoworld.com/blog/architecture-for-real-enterprises/> at InfoWorld
> On Slippery Ice <https://eapj.org/on-slippery-ice/> at EAPJ
> 
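
Added example, not part of either poster's message: a small Python audit that reads sudoers-style text, reports the timestamp_timeout setting mentioned in the question, and lists every NOPASSWD rule with a note on whether it names one exact command path, as the rule in the reply does. It handles only a simplified subset of sudoers syntax (no aliases, includes or line continuations); the SAMPLE text and the user "alice" are constructed for illustration.

```python
import re

# Constructed sample input: the two settings discussed in the thread plus one
# deliberately broad rule for contrast ("alice" is a made-up user).
SAMPLE = """\
Defaults timestamp_timeout=0
chris   ALL=(ALL) NOPASSWD: /opt/local/bin/port
alice   ALL=(ALL) NOPASSWD: ALL, PASSWD: /sbin/reboot
%admin  ALL=(ALL) ALL
"""

TIMEOUT = re.compile(r"^Defaults\b.*\btimestamp_timeout\s*=\s*(-?\d+(?:\.\d+)?)")
SPEC = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
TAG = re.compile(r"^([A-Z_]+)\s*:\s*")


def audit(text):
    """Return (timestamp_timeout or None, [(who, command, verdict), ...])."""
    timeout, findings = None, []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):  # also skips #include directives
            continue
        m = TIMEOUT.match(line)
        if m:
            timeout = float(m.group(1))  # sudo counts this value in minutes
            continue
        m = None if line.startswith("Defaults") else SPEC.match(line)
        if not m:
            continue
        who, cmds = m.groups()
        nopasswd = False  # a tag stays in force for later commands in the list
        for item in (c.strip() for c in cmds.split(",")):
            while (t := TAG.match(item)):
                if t.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = t.group(1) == "NOPASSWD"
                item = item[t.end():]
            if nopasswd:
                exact = item.startswith("/") and not re.search(r"[*?\[]", item)
                findings.append((who, item, "scoped" if exact else "broad"))
    return timeout, findings


if __name__ == "__main__":
    timeout, findings = audit(SAMPLE)
    print("timestamp_timeout:", timeout)
    for who, cmd, verdict in findings:
        print(f"{verdict:7} NOPASSWD {who}: {cmd}")
```

"scoped" here means only that the rule names a single absolute path without wildcards; it says nothing about what that program can do once it runs as root.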
