Mostly a good tutorial, but...
|
| Author | Content |
|---|---|
| caitlyn Jun 06, 2012 10:27 AM EDT |
For the most part this is a good Package Management 101 tutorial. There is just one comment I don't get:
Quoting:One difference is that typically in Red Hat you run all the rpm and yum commands as root.When you use sudo, as in his Debian/Ubuntu example, you are running as root. sudo is the preferred method for doing that with Red Hat as well since you don't have to hand out the root password to all the admins of a given box. Also... Quoting:By default, Ubuntu and its descendants, like Mint, don't have a root account.is simply untrue. Remote login and graphical login as root is disabled but the root account is there and can be accessed using su. |
| mbaehrlxer Jun 06, 2012 10:33 AM EDT |
and even if only sudo is available, there is always sudo -H -i sudo command greetings, eMBee. |
| caitlyn Jun 06, 2012 10:36 AM EDT |
Quoting:i don't want to fill my normal users history with admin commands that might pop up when i do a search in the history...I actually configure logging to use a separate sudoers file. Having that command history is actually essential in my view. On a couple of occasions in my career having that history has enabled me to track where a mistake was made and correct it. For that reason I much prefer using sudo on individual commands rather than using a root shell. I also tend to use sudo -s to get a root shell simply because I want to retain my environment variables rather than automagically switching to the root account environment. |
| mbaehrlxer Jun 07, 2012 12:28 AM EDT |
well, of course the root shell keeps the history. can you elaborate how that logging works? the main thing for me is not to mix normal and sudo commands in the same history. greetings, eMBee. |
| gus3 Jun 07, 2012 6:39 AM EDT |
@caitlyn, is it possible to record the CLI history to a remote, write-only sink using syslog, rather than recording to a readable file? |
| caitlyn Jun 07, 2012 11:10 AM EDT |
@mbaehrlxer: The simplest way to separate the log file is to make a change in the Defaults section of you sudoers file. For example: Defaults logfile=/var/log/sudo.log That way, instead of going to the main syslog file all sudo commands will go to a separate file. @gus3: Yes, definitely. sudo has a log_host option which can be set. It also is SELinux aware so you can lock the log down that way or with standard UNIX permissions. Here is a good reference which includes details: http://www.gratisoft.us/sudo/sudoers.man.html [Edit: typo] |
| JaseP Jun 07, 2012 11:19 AM EDT |
Quoting: is simply untrue. Remote login and graphical login as root is disabled but the root account is there and can be accessed using su. My understanding was that all login for root was disabled in the 'buntus. In other words, to login as root, at all, you had to change a config file... I might be wrong though. |
| gus3 Jun 07, 2012 11:46 AM EDT |
@caitlyn, I'm talking about the command history, not the sudo history. Big deal, someone ran "sudo bash". I want to know what they did in Bash. Edit: I should clarify, an admin might like to know what unprivileged users are doing, too. |
| caitlyn Jun 07, 2012 12:17 PM EDT |
@gus3: sudo has the capability to log all I/O so it is possible you can log everything after sudoing a shell. I've honestly never tried. |
Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]
Becoming a member of LXer is easy and free. Join Us!