> Am 07.04.2018 um 01:41 schrieb Pete Biggs <pete at biggs.org.uk>: > > On Fri, 2018-04-06 at 11:50 -0500, Valeri Galtsev wrote: >> On Fri, April 6, 2018 11:42 am, Richard Demeny wrote: >>> Just sudo it >> >> This is exactly why I have big reservation in giving users sudo >> permissions. If they need sudo on UNIX or Linux for small thing like this, >> then they have no idea what they are doing and can easily screw the system >> up. Not to mention regular user should not hahe these permissions on >> multi-user system. If they know enough to not screw system up, they do not >> need almighty permissions and are able to install what they need into >> userspace. The last is the goal of the OP. >> > +100 > > Nobody has sudo permissions on my systems. The most common report of a > sudo attempt on my CentOS systems is 'sudo apt-get update', although I > have had 'sudo passwd root' (they got a bollocking).Does CentOS changed the package management? :-) -- LF
On Sat, 2018-04-07 at 12:23 +0200, Leon Fauster wrote:> > Am 07.04.2018 um 01:41 schrieb Pete Biggs <pete at biggs.org.uk>: > > > > On Fri, 2018-04-06 at 11:50 -0500, Valeri Galtsev wrote: > > > On Fri, April 6, 2018 11:42 am, Richard Demeny wrote: > > > > Just sudo it > > > > > > This is exactly why I have big reservation in giving users sudo > > > permissions. If they need sudo on UNIX or Linux for small thing like this, > > > then they have no idea what they are doing and can easily screw the system > > > up. Not to mention regular user should not hahe these permissions on > > > multi-user system. If they know enough to not screw system up, they do not > > > need almighty permissions and are able to install what they need into > > > userspace. The last is the goal of the OP. > > > > > > > +100 > > > > Nobody has sudo permissions on my systems. The most common report of a > > sudo attempt on my CentOS systems is 'sudo apt-get update', although I > > have had 'sudo passwd root' (they got a bollocking). > > Does CentOS changed the package management? :-) >Quite. This is not an Ubuntu dig, but when I challenge some of the users about the more dangerous sudo's they try, inevitably they say they got the command from the net, and by that they usually mean Ubuntu forums. P.
On Sat, 7 Apr 2018, Pete Biggs wrote:>> Does CentOS changed the package management? :-) > > Quite. > > This is not an Ubuntu dig, but when I challenge some of the users > about the more dangerous sudo's they try, inevitably they say they > got the command from the net, and by that they usually mean Ubuntu > forums.Whether the instructions come from the Ubuntu forums or not, we regularly experience the same thing: users unthinkingly following instructions in a REAME or posted on a web page. My experience suggests these folks are just on autopilot. We don't even follow up any more on most of the alerts; they'll ask us if it's important. So we rarely give out sudo on shared systems and when we do there's some "extreme vetting" going on. Also, Python has such a mature virtual-environment setup that more publicly posted instructions are using that route anyway. -- Paul Heinlein heinlein at madboa.com 45?38' N, 122?6' W