The real problem is that there should be at least 2 levels for sudo: one for installing software and another that really allows someone to compromise the entire system. Both layers should be separate to mitigate risk. At least the most secure layer should allow you to perform secure recovery and diagnosis.
You do not need sudo for installing software. Can just install to ~/.local.
Many package managers require sudo, sure, but there is no good reason for them to in a modern Linux system, and not all require this.
Even with systemd, you can use systemd --user.
Unix used to have a user named "bin" just for owning all the binaries and performing installs.
More than just two levels for sudo, the Linux permission model is completely broken for this very reason. (Also see: https://xkcd.com/1200/)
Honestly, the Android approach is significantly better. (and for that, see Micay's various ramblings posted online)