From owner-freebsd-questions@freebsd.org  Mon Mar 13 19:46:06 2017
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A442FD0A324
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Mon, 13 Mar 2017 19:46:06 +0000 (UTC)
 (envelope-from freebsd@omnilan.de)
Received: from mx0.gentlemail.de (mx0.gentlemail.de [IPv6:2a00:e10:2800::a130])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 3617717A9
 for <freebsd-questions@freebsd.org>; Mon, 13 Mar 2017 19:46:06 +0000 (UTC)
 (envelope-from freebsd@omnilan.de)
Received: from mh0.gentlemail.de (ezra.dcm1.omnilan.net
 [IPv6:2a00:e10:2800::a135])
 by mx0.gentlemail.de (8.14.5/8.14.5) with ESMTP id v2DJk3GJ054849;
 Mon, 13 Mar 2017 20:46:04 +0100 (CET)
 (envelope-from freebsd@omnilan.de)
Received: from titan.inop.mo1.omnilan.net (titan.inop.mo1.omnilan.net
 [IPv6:2001:a60:f0bb:1::3:1])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mh0.gentlemail.de (Postfix) with ESMTPSA id A13DD7C5;
 Mon, 13 Mar 2017 20:46:03 +0100 (CET)
Message-ID: <58C6F6FB.5090902@omnilan.de>
Date: Mon, 13 Mar 2017 20:46:03 +0100
From: Harry Schmalzbauer <freebsd@omnilan.de>
Organization: OmniLAN
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; de-DE;
 rv:1.9.2.8) Gecko/20100906 Lightning/1.0b2 Thunderbird/3.1.2
MIME-Version: 1.0
To: markham breitbach <markham@ssimicro.com>
CC: Phil Eaton <philneaton95@gmail.com>, freebsd-questions@freebsd.org
Subject: Re: sudo alternatives; for the minimalists
References: <58C6BDC0.7070307@omnilan.de>
 <CAByiw+p0cM+O-wd8uoo0Kp8BNEiQvrrmQuK858ALAR9bTfJThA@mail.gmail.com>
 <58C6D50B.8030803@omnilan.de>
 <d4d98c0d-afd2-ded4-5224-0e6937bf4698@ssimicro.com>
In-Reply-To: <d4d98c0d-afd2-ded4-5224-0e6937bf4698@ssimicro.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7
 (mx0.gentlemail.de [IPv6:2a00:e10:2800::a130]);
 Mon, 13 Mar 2017 20:46:04 +0100 (CET)
X-Milter: Spamilter (Reciever: mx0.gentlemail.de; Sender-ip: ;
 Sender-helo: mh0.gentlemail.de; )
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Mar 2017 19:46:06 -0000

Bezüglich markham breitbach's Nachricht vom 13.03.2017 18:37 (localtime):
> You can set a credential cache timer for sudo, so it will only ask for a
> password every-so-often, 

That's another reason to un-blacklist "sudo" ;-)

> or you can permit members of a particular group
> access to sudo without and password required (particularly useful for
> limited tasks of daemons/cron-jobs).

Nah, that's more a reason to re-add to blacklist ;-)

Most important reason why I never considered using sudo is, it's not in
base.
I'm wondering, if it's such a versatile helper, and there are no
frequent security issues – by implementation nor by design – wouldn't it
have landed in base long time ago?


Still interested if anybody recommeends "doas" or any of the other
alternatives listed there for any good reason:
https://www.sudo.ws/other.html

thanks,

-harry