| 1 |
On Monday 01 March 2010 00:57:17 William Hubbs wrote: |
| 2 |
> On Mon, Mar 01, 2010 at 12:16:14AM +0200, Alan McKinnon wrote: |
| 3 |
> > "sudo su" and "su" have a fundamental difference, vital in corporate |
| 4 |
> > networks: |
| 5 |
> > |
| 6 |
> > The former uses the user's password for authentication and sudoers for |
| 7 |
> > authorization. The latter uses knowledge of the root password for |
| 8 |
> > authorization and authentication. See my other post in this thread. |
| 9 |
> |
| 10 |
> Actually, what you just said about "sudo su" applies only to "sudo". |
| 11 |
> When you run "sudo su", what you are doing is running sudo then |
| 12 |
> authenticating to it, and running su, as root, after you authenticate |
| 13 |
> to sudo. |
| 14 |
|
| 15 |
You misunderstand my intent. To get root via sudo, you authenticate using the |
| 16 |
user's Unix account. The emphasis here is on what sudo does, not the intricate |
| 17 |
subtleties of what it does with the subsequent su, or any other variation of |
| 18 |
the same. |
| 19 |
|
| 20 |
I don't want to start a pointless semantic argument on this, just realize it's |
| 21 |
all about sudo and the following "su" is a mere example (other things could |
| 22 |
have sufficed, I used that one) |
| 23 |
|
| 24 |
|
| 25 |
> |
| 26 |
> > On the work servers I enforce "sudo su" |
| 27 |
> |
| 28 |
> Actually, you could just have people use "sudo -i" or "sudo -s" if they |
| 29 |
> want a shell with root access. If they want to run a program with root |
| 30 |
> privileges and the root environment, they can use "sudo -i command". |
| 31 |
> |
| 32 |
> William |
| 33 |
|
| 34 |
|
| 35 |
Don't read my post as literally meaning they must type the 7 characters "sudo |
| 36 |
su". Read it more as "use any feature of sudo you feel like to get a root |
| 37 |
shell, but you must use sudo. As opposed to using su alone". |
| 38 |
-- |
| 39 |
alan dot mckinnon at gmail dot com |
Archives