[winswitch] [Parti-discuss] WinSwitch install instruction errata for debian based systems

Antoine Martin antoine at nagafix.co.uk
Sun May 15 13:10:12 BST 2011


Hi David,

Note that you sent this to the parti/xpra mailing list, and not 
winswitch's. I am cross-posting so those who are interested can follow 
it up there but please remove parti-discuss when replying as this is not 
related to the partiwm project.

Now, about the use of sudo: although I understand your concerns, my goal 
is to keep the instructions readable and simple.
Those like you who do not wish to run the 3 lines of shell as root 
should be able to work out where (gk)sudo needs to be added instead.

I much prefer telling the user in clear steps what is going on (ie: 
become root) so they can use whatever alternative they want (su, ssh, 
"terminal as root", etc), rather than forcing them to use sudo 3 times. 
I guess it is also a matter of personal taste.

my 2p: people who erase filesystems with typos should not have root 
access. Similar story for those who do not exit the root shell.

Cheers
Antoine



On 15/05/11 13:41, David Godfrey wrote:
> Hi Antoine
>
> On page http://winswitch.org/downloads/debian-repository.html
> specifically on
> http://winswitch.org/downloads/debian-repository.html?dist_select=maverick
> you state.....
> All the instructions below must be run as root, so open a terminal and
> become root:
> sudo su -
> Then you go on to give the commands that should be run.
>
>  From an administrators perspective I would prefer to see each command
> run with sudo.
> So you would end up with
> |Step 1: Import the packager's key:
> wget -O - http://winswitch.org/gpg.asc | sudo apt-key add -|
> Step 2: Maverick Meerkat (10.10)
> echo "deb http://winswitch.org/ maverick main" > sudo tee -a
> /etc/apt/sources.list.d/winswitch.list;
> sudo apt-get update;
> sudo apt-get install winswitch
> There are a number of reasons for this, including the fact that on many
> modern systems there is no root password so, as you have done you need
> to use sudo anyway.
> In a secured environment (yes even small business and domestic where
> there are kids about) is would be common enough to find that su can't be
> run with sudo, because while you may allow a user to do various tasks as
> root you normally prevent them becoming root.
>
> A good reason to use sudo in this case is the wget command.
> While the "|apt-key add" needs to be run as root, I don't believe that
> any command that retrieves information from a webpage or similar should
> EVER be run as root.
> Not that I know of any exploits in wget, but the potential is there, and
> it could be disastrous.
>
> |In my mind the most important reason to use sudo for each command is
> simple....
> you can't forget to relinquish root privileges, while if you are using a
> root terminal, it is all too easy to continue using it long after you
> should. Potentially doing harm to the installation.
>
> I am on this soapbox because of exactly that scenario, I have just spent
> about 14 hours recovering a customers system (forensic level recovery)
> after they followed someone's instructions to become root before running
> a series of commands.
> The intended use of the root terminal complete they continued to use it
> for other tasks and due to a simple typo erased half of their system,
> including all of there data.
> It wouldn't have been so bad, but at the time they had their backup
> connected and damaged that as well!
>
> I'll get off of my soapbox now.
>
> Of course these same notes can likely be applied to any other
> distribution that has sudo available too.
>
> Regards
> David G
>
>
>
> _______________________________________________
> Parti-discuss mailing list
> Parti-discuss at partiwm.org
> http://lists.partiwm.org/cgi-bin/mailman/listinfo/parti-discuss




More information about the shifter-users mailing list