LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > Solaris / OpenSolaris
Reload this Page to sudo or not to sudo
User Name
Password
Solaris / OpenSolaris This forum is for the discussion of Solaris, OpenSolaris, OpenIndiana, and illumos.
General Sun, SunOS and Sparc related questions also go here. Any Solaris fork or distribution is welcome.

Notices


View Poll Results: sudo su
I su only (or sudo not installed) 2 40.00%
I have installed sudo, but generally su 3 60.00%
I sudo only 0 0%
Voters: 5. You may not vote on this poll

Reply
  Search this Thread
Old 03-21-2008, 03:16 AM   #1
madivad
Member
 
Registered: Jan 2007
Posts: 70

Rep: Reputation: 15
to sudo or not to sudo

I notice in openSolaris (and others) that sudo is not installed, which I thought was strange since it encourages you to actually su more often than you need to when a simple one line sudo would suffice better.

Should I install sudo? or is there a good reason not to?
 
Old 03-21-2008, 04:06 AM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
The main reason to use sudo is that it allows you to delegate certain tasks to others without having to give out the root password. It logs each command and lets you control what commands can be run by certain users or groups of users.

I don't have solaris and so I don't know it they have a something similar.
 
Old 03-21-2008, 04:19 AM   #3
jlliagre
Moderator
 
Registered: Feb 2004
Location: Outside Paris
Distribution: Solaris 11.4, Oracle Linux, Mint, Debian/WSL
Posts: 9,789

Rep: Reputation: 492Reputation: 492Reputation: 492Reputation: 492Reputation: 492
I can't vote. Like most poll, yours is missing the "none of the above" choice.

I use RBAC instead of sudo. It's simpler to use and has some features sudo is missing.

Here is the line I added in /etc/user_attr:

Code:
jlliagre::::type=normal;defaultpriv=basic,priv_file_dac_read,priv_file_dac_search,proc_zone,proc_owner;profiles=Primary Administrator
  • priv_file_dac_read and priv_file_dac_search allows me to search directories and see files content I couldn't otherwise because of their permissions.
  • proc_zone allow me to control non global zone processes
  • proc_owner allow me to view and alter processes that do not belong to me
  • Primary Administrator allow me to run any command as root just by prefixing it with "pfexec".
I find this alias convenient, as sudo is easier to type and remember:
Code:
alias sudo=pfexec
Last edited by jlliagre; 03-21-2008 at 04:20 AM.
 
Old 03-21-2008, 08:27 PM   #4
madivad
Member
 
Registered: Jan 2007
Posts: 70

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by jlliagre View Post
Here is the line I added in /etc/user_attr:

Code:
jlliagre::::type=normal;defaultpriv=basic,priv_file_dac_read,priv_file_dac_search,proc_zone,proc_owner;profiles=Primary Administrator
GREAT TIP (as usual)
Quote:
I find this alias convenient, as sudo is easier to type and remember:
Code:
alias sudo=pfexec
I've noticed pfexec NEVER asks for a password
 
Old 03-22-2008, 05:00 AM   #5
jlliagre
Moderator
 
Registered: Feb 2004
Location: Outside Paris
Distribution: Solaris 11.4, Oracle Linux, Mint, Debian/WSL
Posts: 9,789

Rep: Reputation: 492Reputation: 492Reputation: 492Reputation: 492Reputation: 492
Indeed. Password prompting and caching aren't (yet?) in rbac.

If you want users to be prompted for a password, then you can use roles.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: The Ultimate Sudo FAQ — To Sudo Or Not To Sudo? LXer Syndicated Linux News 13 04-13-2013 01:36 AM
cannot "sudo apt-get uptate" or "sudo" anything! plz help mdguy21061 Linux - Newbie 7 04-13-2008 11:59 PM
LXer: sudo, or not sudo: that is the question LXer Syndicated Linux News 0 02-07-2008 05:40 PM
Restricting Editing in Sudo (Advanced Sudo Question) LinuxGeek Linux - Software 4 11-04-2006 03:20 PM
Sudo without having to type "sudo?" Mitch G Linux - Security 3 09-28-2006 02:16 PM

LinuxQuestions.org > Forums > Other *NIX Forums > Solaris / OpenSolaris

All times are GMT -5. The time now is 04:41 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration