throw0101a 2 hours ago

> Why should something like sudo not be "done" after 30 years?

Because new needs arise over time. For example, when I started in IT the "sudoedit" functionality was not present and so allowing someone to do "sudo vi …" would allow them to break out of the editor when it was running as root.

With sudoedit you can give people permissions to edit particular files with elevated permissions.

> Even OpenBSD gave up and implemented their own simplified replacement (doas).

They did not "give up": they found they needed only much simpler functionality shipped in the base OS. For example, sudo has functionality to talk to LDAP (which I've used at multiple jobs over the years), but is not needed for a local-only box. Once you need centralized account and privilege management, doas becomes much less useful.
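
The sudoedit point in the comment above, as an added example that is not part of the thread: a small Python audit that flags sudoers rules granting an editor as root and shows the sudoedit form of the same rule. The sample rules, user names, paths and the editor list are constructed for illustration, and the parser is an assumption-level sketch that handles only plain one-line rules.

```python
import os
import re

# Editors that can spawn a shell or open other files (illustrative list).
EDITORS = {"vi", "vim", "nano", "emacs", "ed"}

# Constructed sample rules; users, hosts and paths are made up.
SAMPLE_SUDOERS = """\
# web team
alice ALL = (root) /usr/bin/vi /etc/httpd/conf/httpd.conf
bob   ALL = (root) sudoedit /etc/httpd/conf/httpd.conf
carol ALL = (root) NOPASSWD: /usr/bin/systemctl restart httpd, /usr/bin/vim /etc/hosts
Defaults env_reset
"""

TAG = re.compile(r"^(?:[A-Z_]+:\s*)+")   # NOPASSWD:, NOEXEC:, ...
RUNAS = re.compile(r"^\([^)]*\)\s*")     # (root), (root:wheel), ...


def audit(sudoers_text):
    """Return (user, command) pairs where an editor itself runs as root.

    Limits: no aliases, no line continuations, no include directives,
    no commas inside command arguments.
    """
    findings = []
    for raw in sudoers_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")):
            continue
        who, sep, spec = line.partition("=")
        if not sep:
            continue
        user = who.split()[0]
        for cmd in spec.split(","):
            cmd = TAG.sub("", RUNAS.sub("", cmd.strip()))
            if cmd and os.path.basename(cmd.split()[0]) in EDITORS:
                findings.append((user, cmd))
    return findings


def suggest(cmd):
    """Rewrite 'editor file ...' as the equivalent sudoedit rule body."""
    return "sudoedit " + " ".join(cmd.split()[1:])


if __name__ == "__main__":
    for user, cmd in audit(SAMPLE_SUDOERS):
        print(f"{user}: '{cmd}' runs the editor as root; use '{suggest(cmd)}'")
```
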

groundzeros2015 2 hours ago

> sudo has functionality to talk to LDAP

That is scary! I may need to look more at openbsd

overfeed 2 hours ago

There's a Linux port of doas named OpenDoas

adolph 2 hours ago

The purpose is to allow users access by ldap criteria like group so the sudoers file need not be edited on each and every server.

https://www.sudo.ws/docs/man/sudoers.ldap.man/

groundzeros2015 an hour ago

Yeah, that’s not something I would expect a core util to do.

I would expect another system to query ldap.