This is very informative, thanks. For me your strongest argument is that with sudo, many "roots" are possible and each has its own tracelogs. (I guess a sudo-er can not destroy his or other sudo-ers log files right?). Granted. This is the picture from the ground and you present it nicely. But there is also the biggest picture - which I concentrate more because I do not have to solve practical problems in my day-to-day. Like the ones you present.

So, for example, despite that sudo's real use-case is mutli-location, big corporation servers, sudo has also been promoted to ubuntu-type desktop users. Really hard and with great zeal! I already mentioned that most wiki/howtos around mention the word sudo a dozen times each. IMO the only purpose is to dumb-down and short-circuit Unix security. At the time where an un-firewalled machine on the net lasts only a few hours, at a time that registering to any stupidwebsite.com, just to file a bug for their stupid platform, requires a military-strength password!!! In these times, some wiki/howto author comes and brainwashes us that forget a root password, use your own to bootstrap to root. And they don't even put a warning: "I told you to get rid of your car's seatbelt so that grabbing beers and cigarettes from the back seat becomes easier and that enhances your overall driving experience, but also risks your life.".

Regarding Windows, I noticed that they do not at all promote administrator account! I may exaggerate but only a bit if I said 9/10 of non-IT windows users do not know an admin account even exists. And I have just learned, that the only root in my OSX is Apple Inc.!!xE+99 (see SIP)

Three different models of security, plus, the fourth, the traditional Unix security. Two of them are totally *!%$$%. While the third has only its merits promoted and not its risks. The fourth is how things were done.

btw, from the link you posted I learned about Chris Msando, a true IT hero it seems to me.

bw, bliako

In reply to Re^6: Greetings and salutations | sudo by bliako
in thread Greetings and salutations | sudo by zentara

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.