Discussion on: Is sudo just sudoly safe?

View post

Montegasppα Cacilhας • Oct 14 '20

On macOS, Homebrew requires the /opt/local/ directory (and down there) to be owned by your user, not root.

On GNU/Linux, you can sudo to other users than root. Another user may have permissions over than yours.

For instance, you can use an admin user with some extra permissions, but yet restricted. You run sudo -u admin.

If you need to switch to that user, you run sudo -u admin -i.

Pacharapol Withayasakpunt • Oct 14 '20

So, is it possible to ban sudo? (But not ban sudo -u admin, which is not a real admin, just an installer people.)

Montegasppα Cacilhας • Oct 14 '20 • Edited

If you design properly the system, it’s possible. You’d give writing permissions to admin in specific directories, like /usr/local/ and/or /opt/.

But my advice is another: you can install user-only applications. It goes into the ~/.local/ directory, that must have a subdirectory tree similar to /usr/local/.

That’s how I do.

Montegasppα Cacilhας • Oct 14 '20

In order to enable it, you must add ~/.local/bin/ to your PATH, preferably in the head.

You can add to your ~/.bashrc (if you use Bash):

export PATH="$HOME/.local/bin:$PATH"

Since I use Fish, I got in my ~/.config/fish/config.fish:

set -x PATH $HOME/.local/bin $PATH