Web lists-archives.com

Re: Adding/modifying users under MATE DE

David Wright wrote: 
> On Tue 05 Feb 2019 at 08:21:16 (-0500), Greg Wooledge wrote:
> > On Mon, Feb 04, 2019 at 08:21:40PM -0700, Thomas D Dial wrote:
> > > When in doubt about questions like this it often is helpful to consult
> > > man pages, which often are available on the Web if you don't want to
> > > install the necessary packages that includes them. In this case, if sudo
> > > is installed, the man page for sudo also will be there, probably along
> > > with those for sudoers and visudo, although I could be wrong about the
> > > last.
> > 
> > The sudoers(5) man page is ridiculously complex, as is the format of
> > the /etc/sudoers file.  For 99% of Debian users, it's also completely
> > unnecessary to know it.  Just make sure your primary user account is in
> > the sudo group, and you will be able to run ANY command with sudo, being
> > prompted for your password if you haven't used sudo on that terminal
> > in the last few minutes.
> Sure, but what's the difference between that and opening an xterm with
> (the overspecified)   /bin/su -   where you don't have to keep typing
> a password every few minutes.

sudo doesn't require you to know the root password, only your
own password. So if you share sysadmin duties with a team of
people, none of them need to know the root password (which can
be set to something very long, written down, put in a safe
deposit box, and not thought about again until your calendar
reminds you to double check it). 

sudo also allows you to grant certain users the right to run specific
commands with the privileges of other users, again verifying themselves
with their own passwords. Say you have some software which must
be run as a particular user, but you want several people to be
able to use it. Don't give them the special user's password;
give them all the right to run it via sudo, and don't give them
other privileges.

If it's a single-user machine, you can just remember the root
password and use su -- unless you use sudo at work, in which
case, keep using sudo everywhere.