1 |
On Mon, Mar 01, 2010 at 12:16:14AM +0200, Alan McKinnon wrote: |
2 |
> "sudo su" and "su" have a fundamental difference, vital in corporate networks: |
3 |
> |
4 |
> The former uses the user's password for authentication and sudoers for |
5 |
> authorization. The latter uses knowledge of the root password for |
6 |
> authorization and authentication. See my other post in this thread. |
7 |
|
8 |
Actually, what you just said about "sudo su" applies only to "sudo". |
9 |
When you run "sudo su", what you are doing is running sudo then |
10 |
authenticating to it, and running su, as root, after you authenticate |
11 |
to sudo. |
12 |
|
13 |
> On the work servers I enforce "sudo su" |
14 |
|
15 |
Actually, you could just have people use "sudo -i" or "sudo -s" if they |
16 |
want a shell with root access. If they want to run a program with root |
17 |
privileges and the root environment, they can use "sudo -i command". |
18 |
|
19 |
William |