Hacker News new | ask | show | jobs
by mise_en_place 729 days ago
This is an elegant solution to the problem. We don't need to treat users as children, but at the same time we should avoid potential foot guns with sensible defaults. I'd argue that even `su` is not needed, if you need to be root, then login as root via console. This is as close as possible to logging into root from the console tty.
1 comments
bogantech 728 days ago
> if you need to be root, then login as root via console

1: This requires every user to have the root password, while sudo does not

2: If everyone just logs in as root there's no way to audit who actually logged in and did what.

link
kchr 728 days ago
Additionally, you need to rotate and distribute the new root password to all root users when you want to remove access for someone.
link
joveian 728 days ago
You can have multiple accounts with uid/gid 0 (and can set up smart card or u2f login too if you want).
link