To root or not to root?
Christopher Jones
jonesc at hep.phy.cam.ac.uk
Tue Aug 13 08:56:40 UTC 2019
> On 13 Aug 2019, at 9:03 am, Christopher Jones <jonesc at hep.phy.cam.ac.uk> wrote:
>
>
>
>> On 12 Aug 2019, at 9:40 pm, Gerben Wierda <gerben.wierda at rna.nl> wrote:
>>
>> As I’m working my way to somewhat knowing what I’m doing, I have a question.
>>
>> I always set the timeout on sudo on my systems to 0 seconds. So, for every sudo command I enter, I have to type the password. This is somewhat safer than having a timeout (normally 300sec).
>
> What I do is allow ${prefix}/bin/port to run through sudo without requiring a password. You can do this by adding
>
> chris ALL=(ALL) NOPASSWD: /opt/local/bin/port
Should have added here: the above is added via ‘visudo’.
Chris
>
> This, in my opinion, has two advantages:
>
> 1. I never have to type my password for running port
> 2. Because of 1., sudo never fully authenticates, so if I was to run another command through sudo immediately after port, that command will ask for my password.
>
> In my view, the above is more convenient, and also safer against my accidental bad usage of sudo.
>
> Chris
>
>>
>> This becomes tedious when there are many sudo commands to perform, so in that case, I often revert to running sudo -s or sudo -i, do my work as root and kill the subshell. This has risks too (e.g. doing a wrong rm command, but I’m pretty paranoiac about stuff like rm)
>>
>> For my first steps with macports, I’ve run everything as root that way, because I expected there would be changes in /Library/LaunchDaemons etc and I did not want to be typing my password all the time.
>>
>> But I’m wondering if I should move back to running everything as ordinary user.
>>
>> Are there disadvantages to running port commands as root?
>>
>> If I want to revert, what should I chown to that user? How should ownership in /opt be?
>>
>> Gerben Wierda
>> Chess and the Art of Enterprise Architecture <http://enterprisechess.com/>
>> Mastering ArchiMate <http://masteringarchimate.com/>
>> Architecture for Real Enterprises <https://www.infoworld.com/blog/architecture-for-real-enterprises/> at InfoWorld
>> On Slippery Ice <https://eapj.org/on-slippery-ice/> at EAPJ
>>
>
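An added check related to the sudoers rule and the ownership question in this thread (not part of either message, and not MacPorts code): a NOPASSWD rule is only as restrictive as the permissions on the command it names, so this script lists the NOPASSWD commands in a sudoers fragment and reports any file or parent directory that a non-root user could alter. The function names, the simplified single-tag rule parsing, and the default of trusting only uid 0 are assumptions of this example.

```python
import os
import re
import stat

# Matches the single-tag form used in the thread:
#   user HOSTS=(RUNAS) NOPASSWD: /path/to/cmd[, /path/to/other]
# Aliases, PASSWD: overrides and #include lines are outside this example.
RULE = re.compile(r"^\s*(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?NOPASSWD:\s*(.+)$")

def nopasswd_commands(sudoers_text):
    """Return (user, command path) for each NOPASSWD entry; comment lines are skipped."""
    found = []
    for line in sudoers_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = RULE.match(line)
        if m:
            found += [(m.group(1), c.split()[0])
                      for c in m.group(2).split(",") if c.strip()]
    return found

def replaceable_by(path, trusted_uids=(0,)):
    """Walk from the command up to /, reporting anything a non-trusted user could alter."""
    findings = []
    p = os.path.realpath(path)  # follow symlinks to the file sudo would execute
    while True:
        st = os.stat(p)
        if st.st_uid not in trusted_uids:
            findings.append((p, "owned by uid %d" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((p, "group- or world-writable"))
        parent = os.path.dirname(p)
        if parent == p:  # reached the filesystem root
            return findings
        p = parent

if __name__ == "__main__":
    # The rule quoted in the thread, embedded as sample input.
    SAMPLE = "chris ALL=(ALL) NOPASSWD: /opt/local/bin/port\n"
    for user, cmd in nopasswd_commands(SAMPLE):
        if not os.path.exists(cmd):
            print("%s: %s does not exist on this machine" % (user, cmd))
            continue
        problems = replaceable_by(cmd)
        for where, why in problems:
            print("%s: %s -> %s is %s" % (user, cmd, where, why))
        if not problems:
            print("%s: %s and its parent directories are root-owned and not writable by others" % (user, cmd))
```

Any finding means the passwordless rule can be turned into passwordless root by whoever is able to replace that file or rename that directory.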