Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
en:philosophy:sudo_complexity [2022/10/28 16:58] throgh |
en:philosophy:sudo_complexity [2022/11/03 14:08] (current) throgh [Solution with a strict and lightweight replacement] |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== The complexity of " | ====== The complexity of " | ||
- | Starting with the release of Milky Way v0.3 we have been using foremost opendoas as direct replacement for using administrative rights with an unprivileged user-account. With the release of Milky Way v0.4 we have therefore now concluded this step as opendoas is for sure in our perspective the better way instead to stay on top for sudo. | + | Starting with the release of Milky Way v0.3 we have been using foremost |
===== Introduction and basic problem ===== | ===== Introduction and basic problem ===== | ||
- | The program sudo (sometimes also referred as shortened version for **S**uper-**u**ser **do**) | + | The program |
Documented reports like [[https:// | Documented reports like [[https:// | ||
- | There are furthermore issues reported with the default sudo config. The “safe environment” is under constant revision and regularly unable to run pkg_add or build a flavored port, because the expected variables were being excised from the environment. Even when sudoers is keept up to date probably would not have been such an ordeal, but constant software change, creates major security loopholes. So the core of the problem was and is that people like to use sudo to build elaborate sysadmin infrastructures with highly refined sets of permissions and checks and balances. People are therefore invited to use sudo to get a root shell without remembering two passwords. And so there is a considerable tension trying to ship a default config that would mostly work with the second group, but not be too permissive for the first group. | + | There are furthermore issues reported with the default |
===== Solution with a strict and lightweight replacement ===== | ===== Solution with a strict and lightweight replacement ===== | ||
- | Using opendoas as static replacement for administrative privileges was a first priority for Hyperbola as lightweight defined system. Intended as a minimalist replacement for sudo, providing "95% of the features of sudo with a fraction of the codebase", | + | Using <color # |