• Swiggles@lemmy.blahaj.zone
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    11 months ago

    sudoedit opens the editor as your user and just writes the file as root. For a single user who is also admin on the system this does not matter in many cases.

    In a multi user context you can easily escape your editor and run a shell which allows a non admin user to escalate their privileges. So from a security implementation standpoint this must exist and it does for this reason.

    Of course this also prevents some mistakes from happening and a bad plugin cannot destroy your whole system easily and so on. It boils down to good practice.

    • Doctor xNo@r.nf
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      2
      ·
      edit-2
      11 months ago

      But, in that example:

      If I’m the admin it doesn’t matter I use it.

      If I’m not it’s not my problem that I could get more privileges than allowed. I’d probably even use the possibility then. 😅

      So it poses a risk if you allow none-admin users to do that on your system, but I still don’t see why I must choose to not use nano as root myself. 😅

      Anyway, good practice to me is ease-of-use instead of with 7 protections against things that rarely happen.

      Like, I’m pretty sure you are better protected from burglars if you also lock all doors inside your house, but I’m definitely not doing that either. 😅

      Edit: Also, if you have users on your system, just chroot/vroot/lxc them, so they be free to ‘sudo nano’ too… 😅

      • Swiggles@lemmy.blahaj.zone
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        11 months ago

        sudo is not simply a tool to give admin privileges, but a tool to manage elevated permissions or run commands in a different users context.

        These things become a lot more relevant once you use the tools professionally. In a well configured system you are only allowed to run the things you are explicitly allowed.

        To be completely honest sudo is basically pointless in a single user context. There is almost no reason to even have it installed. It makes dealing with different environments easier though.

        Anyway as I said it does not matter in many cases if you are the systems administrator. On the other hand there is also no benefit in getting used to bad practices in case you have to unlearn them later.

        One more thing: what you suggest with chroot is one of the very reasons why you should not do that. You might have handed over the keys to break out of chroot. It is a well known vector which boils down to never run anything as root in a chroot environment.

        • Doctor xNo@r.nf
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          edit-2
          11 months ago

          I appreciate all the answers on what started out to mostly be a joke (the first comment, I’m not saying the rest was, I actually do mean my follow-up discussions and am enjoying them more than I should). 😅

          Anyway, first I must disagree with sudo being useless in a single-user environment since some services have non-user (nologin) accounts as which you still need to run things sometimes, so sudo is commonly useful in single-user environments (though you could technically go set bash for those, I suppose.)

          But yeah, I’m already used to “bad practices” as I have been using linux for 24 years now (when it still was it’s predecessor ‘pico’ 😅) (I said over ‘10’ years in an earlier comment, but I just realized I’m 40 and still calculated from 30. 😂 Wishful thinking. 😅) in what is assumed a bad practice, not only without any problems, but even because it never gave me problems.

          Might be an age thing too, but I hold on to ease of use over best-practice, especially if it hasn’t failed me in two decades and a half. I think it would take an actual attack on me abusing this behavior for me to stop doing it by now… And even then, I installed linux so many times in my life, even that seems more musclememory and not such a hassle anymore… 😅 At least I could make use of my backup system for once then… 😅