It would depend on if "marsbase" is property of a commercial entity if we go by the original intention (AFAIK). Most likely it would be marsbase.${COMPANY}.com.mars.sol.milky, or marsbase.${TL_GOVERNMENT}.gov.mars.sol.milky
Here...go listen to this netcast. It just *happens* to be Jeremy Allison being featured on FLOSS weekly. Pay close attention to the bits (somewhere around 35 min. into the netcast) where he mentions MS's intentions on interoperability, specifically what changes they made to the Sever Message Block protocol in Windows 2003/Vista. Yah, they might say that they want to play nice, but I have a hard time beleiving that MS has changed their tune since the creation of SMB2.
Sure, sudo *can* weaken security. Sure you can use the stock rules of sudo. Perhaps you just uncommented that line that says: "%wheel ALL=(ALL) NOPASSWD: ALL", and you noticed that you can do things like "$ sudo passwd" or "$ sudo su -" and gain root access. If you have a problem with that, don't put untrusted users in the wheel group, and make a new group for less trusted users that need to run *some* commands as root, and make sudo rules that limit it to just that.
Will a small application of thought, it shouldn't really be all that hard.
IMHO, root should be limited to login on an actual tty (with a very secure password, nothing less than 13 characters, alpha-numeric with special characters) and use sudo for everything else. Like a lot of other people have said, sudo is rather powerful. Using sudo enables you to limit the commands that a user can run as root, including creating several groups of users that can run different sets of commands, and leaves an audit trail. Granted, all of that might be over-kill for a one-person operation at home (any sort of critical environment should use sudo to it's fullest, and business == critical), but I still use sudo for my personal machines because I believe it to be good practice, I just don't use all of sudo's functionality.
Slashdot Mirror
It would depend on if "marsbase" is property of a commercial entity if we go by the original intention (AFAIK). Most likely it would be marsbase.${COMPANY}.com.mars.sol.milky, or marsbase.${TL_GOVERNMENT}.gov.mars.sol.milky
Here...go listen to this netcast. It just *happens* to be Jeremy Allison being featured on FLOSS weekly. Pay close attention to the bits (somewhere around 35 min. into the netcast) where he mentions MS's intentions on interoperability, specifically what changes they made to the Sever Message Block protocol in Windows 2003/Vista. Yah, they might say that they want to play nice, but I have a hard time beleiving that MS has changed their tune since the creation of SMB2.
Sure, sudo *can* weaken security. Sure you can use the stock rules of sudo. Perhaps you just uncommented that line that says: "%wheel ALL=(ALL) NOPASSWD: ALL", and you noticed that you can do things like "$ sudo passwd" or "$ sudo su -" and gain root access. If you have a problem with that, don't put untrusted users in the wheel group, and make a new group for less trusted users that need to run *some* commands as root, and make sudo rules that limit it to just that. Will a small application of thought, it shouldn't really be all that hard.
IMHO, root should be limited to login on an actual tty (with a very secure password, nothing less than 13 characters, alpha-numeric with special characters) and use sudo for everything else. Like a lot of other people have said, sudo is rather powerful. Using sudo enables you to limit the commands that a user can run as root, including creating several groups of users that can run different sets of commands, and leaves an audit trail. Granted, all of that might be over-kill for a one-person operation at home (any sort of critical environment should use sudo to it's fullest, and business == critical), but I still use sudo for my personal machines because I believe it to be good practice, I just don't use all of sudo's functionality.