If you make users sign in too much, they will just make their passwords short and easy to remember, even 24hrs is too much and people bitch about it all the time, especially since we have password managers enforced, meaning every time they need to Auth they need to Auth into their system, Auth into their password manager, copy the password, auth into their phone, look at the 2FA code and type that in.
Doing this every day just to open email is understandably fucking enraging even to me as a security “”“engineer”“”/analyst/${bullshitblueteamemailreaderjob}
Press it harder and they will use simple passwords that will inevitably be passed through to something external (e.g. cockpit which even I can bruteforce) or reused somewhere at some point, and then someone just has to get lucky once and run whatever
run0 sudo su <reverse shell bs here>
to bypass all protections.I will use it. I don’t care what others think. People can use su, sudo, doas, run0 by their choice, and I don’t see why we need a common opinion about it.
I’ll stick with doas
doass
Speaking of doas, is there any advantage of using it when… sudo is still available to be used? I agree that most of the stuff we require to use doesn’t need all the options sudo as, but if it is for the sake of security, maintenance, and stability… is there any reason to use doas ON TOP of the already setup sudo or su? In the past, I even tried to just apply a simple alias to replace sudo with doas, but numerous scripts and programs when trying to request explicit super-user permissions, just didn’t know what to do with doas as expected, so this ain’t it.
Speaking of doas, is there any advantage of using it when… sudo is still available to be used?
I like that its configuration file is very very simple.
When was the last time you had to edit sudo configuration file ? Same goes for doas. It’s has nothing going for, for the majority of desktop Linux users (from what I got as an answer)
A month ago or so to be able to use zramen without root password.