I tried out the YaST sudo tool. I can use “visudo” no problems, but it’s always good advice to “do things the openSUSE way” if possible.
To cut a long story short, I think the YaST sudo tool is flaky. It loses data and/or corrupts /etc/sudoers. When it corrupts, you’re in trouble because you have to go in as root, 'cos sudo doesn’t work anymore.
I restored /etc/sudoers from my other 11.0 machine. It’s worth taking a copy of the unmodified file before experimenting with the YaST sudo tool.
I think the root cause is any line with a colon in it, but TBH I can’t be bothered to debug it methodically.
Overall though, I’m most impressed with openSUSE 11.0 on three machines.
It’s safer from an ergonomic point-of-view - less chance of forgetting you’re logged in as root, less chance of typing something incorrectly at the console.
Sudo comes into its own when you need to run something as root inside a user’s shell script (or via an alias). That’s not only convenient, it is also less error-prone to typos - you can precisely allow just what is necessary and nothing else.
If your machine is a home machine, maybe this isn’t a big deal, but for shared machines do you want everyone to know the root password?
Ah, this is what happens when you get too enamored of GUI tools. visudo will do a syntax check on the sudoers file before saving it. That alone is reason never to use a text editor directly on sudoers. At the very least don’t close the su session before checking that you can sudo again.
ObWarStory: There was this system I used to maintain on behalf of The Company without a root password. It was at a client’s site. Then I left The Company. A few months later a guy from The Company calls me up and asks if I had the root password for the system. No, I said, what have you done? I vi’ed the sudoers file and now I can’t get back in. And the client doesn’t know the root password. Ah well, you’ll just have to call up the client and ask them to take the system down to single-user to reset the root password, I said.
> Ah, this is what happens when you get too enamored of GUI tools. visudo will do a syntax check on the sudoers file before saving it.
Well, to be fair to YaST and the never-ending quest to make Linux ready for the desktop ™ it does attempt to validate and it does catch some typos.
I’m old school Unix too, and if I were doing a YaST module I’d (first try to) use visudo (which is known to work reliably) underneath all the pointy-clicky eye candy. I suspect someone has re-invented the wheel.
Actually, on my PC it’s a # instead of a > … ie …
The BRIGHT RED TEXT THAT READS ‘ROOT #’ also pretty well prevents me from forgetting that I’m logged in as root in a terminal
and indeed, I too have never confused root with that of a regular user. … But I have seen many users (on IRC channel) mess up their sudo on multiple occasions.
I like it that Linux gives you several ways to do things. I’m not saying sudo is a replacement for su, far from it, merely that sudo isn’t pointless.
Suppose you want to give a user root privileges for some task without having them know the root password, that’s a benefit of sudo. I like fine grain security. I don’t want to type the root password when I monitor disk temperatures. I don’t want to type the root password when I grab video using lavrec. I don’t want to type the root password when I safeguard valuable files with “chattr +i”. I like to write scripts to avoid typos, and sometimes I need to be root from such a script - but not for every command in the script - sudo to the rescue every time. And so on.
Other than that, it’s six of one, half a dozen of the other, and personal preference.
I guess those openSUSE guys must know something though, 'cos they think sudo support is worth including in YaST …
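The two precautions raised in the thread, keeping a copy of the working /etc/sudoers and syntax-checking before the file goes live, can be combined in one step. The following is an added example, not code from any poster or from YaST; the function name `safe_install_sudoers` and the `VISUDO` override variable are assumptions made for illustration, while `visudo -c -f FILE` is the real check-only invocation.

```shell
#!/bin/sh
# Added example (not from the thread): install a candidate sudoers file only
# if it passes a syntax check, keeping a backup of the previous file.
# Assumption: VISUDO may be overridden to point at another checker; by
# default the real visudo is used with -c (check only) and -f (file).
VISUDO="${VISUDO:-visudo}"

# safe_install_sudoers CANDIDATE TARGET
# Returns 0 if TARGET was replaced, 1 if the candidate was rejected
# (TARGET left untouched), 2 on usage or I/O errors.
safe_install_sudoers() {
    candidate=$1
    target=$2
    [ -r "$candidate" ] && [ -n "$target" ] || return 2

    # Syntax-check the candidate file, never the live one.
    if ! "$VISUDO" -c -f "$candidate" >/dev/null 2>&1; then
        echo "rejected: $candidate failed the syntax check" >&2
        return 1
    fi

    # Keep a copy of the current file so it can be restored as root.
    if [ -e "$target" ]; then
        cp -p "$target" "$target.bak" || return 2
    fi

    # Stage next to the target, fix the mode, then rename atomically so a
    # half-written file is never live.
    staged="$target.new.$$"
    cp "$candidate" "$staged" || return 2
    chmod 0440 "$staged" || { rm -f "$staged"; return 2; }
    mv -f "$staged" "$target" || { rm -f "$staged"; return 2; }
    return 0
}

# Usage (as root, from a session you keep open until sudo is re-tested):
#   safe_install_sudoers /root/sudoers.candidate /etc/sudoers
```

After a successful install, confirm from a second terminal that sudo still works before closing the root session.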