From owner-freebsd-questions@FreeBSD.ORG Thu Apr 5 14:51:31 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D548C16A404 for ; Thu, 5 Apr 2007 14:51:31 +0000 (UTC) (envelope-from fbsd06@mlists.homeunix.com) Received: from mxout-03.mxes.net (mxout-03.mxes.net [216.86.168.178]) by mx1.freebsd.org (Postfix) with ESMTP id B012D13C459 for ; Thu, 5 Apr 2007 14:51:31 +0000 (UTC) (envelope-from fbsd06@mlists.homeunix.com) Received: from gumby.homeunix.com (unknown [87.81.140.128]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTP id 9DDDA519DB for ; Thu, 5 Apr 2007 10:51:30 -0400 (EDT) Date: Thu, 5 Apr 2007 15:51:28 +0100 From: RW To: freebsd-questions@freebsd.org Message-ID: <20070405155128.6c6c3a6d@gumby.homeunix.com> In-Reply-To: <4615000C.2070407@daleco.biz> References: <7d4f41f50704050142v9c73a17tb1812f218ea4416@mail.gmail.com> <4615000C.2070407@daleco.biz> X-Mailer: Claws Mail 2.8.1 (GTK+ 2.10.11; i386-portbld-freebsd6.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: Should sudo be used? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Apr 2007 14:51:31 -0000 On Thu, 05 Apr 2007 08:56:28 -0500 Kevin Kinsey wrote: > Victor Engmark wrote: > > Hi all, > > > > I thought it would be a good idea to use sudo on my FreeBSD laptop, > > but I'm having doubts after checking the handbook (it's not > > mentioned at all) and Google (most of the articles were obscure > > and / or old). > > It's not mentioned in the FreeBSD Handbook because it's not part > of the FreeBSD "base system". Although neither are Gnome, mplayer or growisofs, and they are covered. > It's a handy tool for calling your own scripts, or running > unprivileged scripts that need to perform a privileged operation. I > believe Christian also mentioned shell aliases; one example from our > usage is allowing a non-privileged user to establish a PPP > connection; either a CLI alias or a GUI button aliased to "sudo ppp > -background myisp". In my GUI I don't wish to run as root; sudo is > used so I can be "me" and still have pretty buttons that run > Ethereal, format a floppy disk, etc.. I think you have to be careful about what you are allowing to be done from general purpose accounts. If you give these authority to install or upgrade software, you might just as well be using Windows XP. BTW ppp can run as any user listed in "allow users" in ppp.conf.