Book review: Sudo Mastery

If you’ve seen my previous two reviews of Michael W. Lucas’s ‘Mastery’ books – DNSSEC Mastery and SSH Mastery – then you can guess what this will be: his newest book, focusing on a single software topic.  This time it’s sudo.


The one downside of reading this book: I am now aware I’m using sudo wrong.  Perhaps not wrong, but not anywhere near its potential.  Sudo – and I’m not the only person who has experienced this – tends to get used as “Let’s install sudo so we don’t have to tell anyone the root password”.  Sudo works for that sort of thing, but there are a lot more possibilities.

Sudo is designed to be deployable across multiple systems, as part of a security policy.  It’s an easy way to create purpose-shaped roles with different users, especially with users that have specialized skills and tasks, like database maintenance.

Obviously I think better of sudo after reading the book; there are a lot of program capabilities of which I was unaware, but it’s the book that sells them.  Michael W. Lucas’s humor is on display again, to break up some very technical material.  Here are some bits, pulled out.

Remember that “syntactically valid” is not the same as “does what you want.”

Pressing Q tells visudo to break sudo until you log in as root and fix it. Do not press this button. You won’t like it.

Here I create the TAPEMONKEYS alias for the people who manage backups.

And if Carl tries to configure Oracle on the PostgreSQL server, senior sysadmin Thea needs to have sharp words with him. Probably involving a tire iron.

The book is in-depth enough to cover more complex topics like using sudo and Active Directory, and sudo as an intrusion detection tool, of all things.

The usual reasons to buy a Mastery book are all still there: it specifically mentions working on BSD systems instead of pretending Linux is the only system out there.  It’s available through a DRM-free seller (Smashwords) in addition to Amazon.  It’s a self-published effort, not shovelware.  It’s available now as an ebook, and in physical form soon.  Lucas talks about it on BSDNow 010, too.

I have one last nontechnical note.  Since these Mastery books are working into a series, I’d like to see a whole printed run of visually matching books.  Something with the equivalent of the O’Reilly animals or the Pelican or even Little Blue Books common look and feel.

You know the look even if you don't know the publisher

The takeaway: You should be reading this book if you plan to use sudo in any sort of multiuser environment.  It’s available as an e-book direct from the author, via Amazon, via Smashwords, and possibly Barnes & Noble at some point in the near future.  Physical books are available, and you can buy both forms together, apparently.

And of course this sudo joke.

In Other BSDs for 2013/11/09

Not sure why, but there weren’t a lot of things this week to pick out.

 

In Other BSDs for 2013/11/02

There’s a surprisingly large list this week.

In Other BSDs for 2013/10/26

Once again, doing this at the last minute:

In Other BSDs for 2013/10/19

I am doing this one at the last minute.  I had all the articles noted, but normally I build this post over the course of the week.

In Other BSDs for 2013/10/12

I got some PC-BSD items this week, too.

Here, there, everywhere for mdocml

Franco Fichtner recently received commit rights for DragonFly.  This is so he could import mdocml, an OpenBSD-originating replacement for groff and man page display.  Mdocml has been mentioned before on the Digest, and there’s a downloadable book.  (See the more-interesting-than-it-sounds History of UNIX Manpages there too, but I digress.)

One advantage of using mdocml, as I understand it, is that groff is no longer required to view man pages.  The only thing left in DragonFly that required a C++ compiler was groff.  So, rebuilding could be a bit faster, and a bit less complicated.

Here’s the part that makes me happy: Changes made in DragonFly promptly made it back into NetBSD’s mdocml.   Other changes rolled from DragonFly back into OpenBSD, too, and mdocml is in FreeBSD 10, though I don’t have a src change to point at right now.  It all circled back around to DragonFly, too.  It’s really neat to have a BSD-grown cross-BSD product.

(Incidentally, if you have a Thinkpad and keyboard issues, Franco has a patch for you to try.)

 

In Other BSDs for 2013/10/05

Fewer straight source links this week.

Related to DragonFly: Patrick Welche updated glib2 in pkgsrc, and is interested in hearing how it works for DragonFly users.  If you have pkgsrc on your system and it’s not a quarterly release, try building it.