Gentoo Archives: gentoo-user

From: Alan McKinnon <alan.mckinnon@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Re: Manual pages (man pages) have ESC all through them when having used sudo.
Date: Sun, 28 Feb 2010 22:04:27
Message-Id: 201002282339.44291.alan.mckinnon@gmail.com
In Reply to: Re: [gentoo-user] Re: Manual pages (man pages) have ESC all through them when having used sudo. by ubiquitous1980
On Sunday 28 February 2010 07:06:43 ubiquitous1980 wrote:
> Nikos Chantziaras wrote:
> > On 02/28/2010 05:57 AM, ubiquitous1980 wrote:
> >> If I have logged in through sudo such as $ sudo su, when I then use man
> >> pages, they are covered in "ESC". This does not occur when using normal
> >> user accounts or the root account through su. Wondering what is going
> >> on. Thanks.
> >
> > Some ENV variables are unset by sudo.
> >
> > But anyway, "sudo su" makes zero sense :P
>
> sudo su makes sense if you want to use the root account while having the
> root account locked. Some, like Ubuntu, do it for security reasons.
> Not sure if they are valid, but I thought I would put this little
> problem out there for someone to make comment on.

I use "sudo su" a lot, and make it available to other root users on my
servers. It all makes perfect sense in the context of:

1. The password for the root account is secret. Changing it is a real
ball-ache, something not undertaken lightly.
2. The password is known to very very few persons, and ideally would be kept in
a locked safe needing signed CTO approval to open it.
3. I have a provisioning system that deploys users, their keys and password
hashes.
4. The person running "sudo su" is authorized to do so, so he gets root.
There's an audit trail too as not just anyone can get to my remote sysloggers.
5. When someone leaves, in the old days we had to manually change 100+ root
passwords, and of course always forget at least one. Now I run one command on
my user provisioning system and within 30 minutes that person's access is
gone, and I can guarantee a) it's gone everywhere b) there are no back doors
6. Not all OSes out there support sudo -i

So in the context of multi-admin servers, sudo su (or sudo -i if you will)
makes perfect sense, and su far less so.


--
alan dot mckinnon at gmail dot com