| 1 |
On Mon, Mar 01, 2010 at 12:16:14AM +0200, Alan McKinnon wrote: |
| 2 |
> "sudo su" and "su" have a fundamental difference, vital in corporate networks: |
| 3 |
> |
| 4 |
> The former uses the user's password for authentication and sudoers for |
| 5 |
> authorization. The latter uses knowledge of the root password for |
| 6 |
> authorization and authentication. See my other post in this thread. |
| 7 |
|
| 8 |
Actually, what you just said about "sudo su" applies only to "sudo". |
| 9 |
When you run "sudo su", what you are doing is running sudo then |
| 10 |
authenticating to it, and running su, as root, after you authenticate |
| 11 |
to sudo. |
| 12 |
|
| 13 |
> On the work servers I enforce "sudo su" |
| 14 |
|
| 15 |
Actually, you could just have people use "sudo -i" or "sudo -s" if they |
| 16 |
want a shell with root access. If they want to run a program with root |
| 17 |
privileges and the root environment, they can use "sudo -i command". |
| 18 |
|
| 19 |
William |
Archives