On Monday 01 March 2010 00:57:17 William Hubbs wrote:
> On Mon, Mar 01, 2010 at 12:16:14AM +0200, Alan McKinnon wrote:
> > "sudo su" and "su" have a fundamental difference, vital in corporate
> > networks:
> >
> > The former uses the user's password for authentication and sudoers for
> > authorization. The latter uses knowledge of the root password for
> > authorization and authentication. See my other post in this thread.
>
> Actually, what you just said about "sudo su" applies only to "sudo".
> When you run "sudo su", what you are doing is running sudo then
> authenticating to it, and running su, as root, after you authenticate
> to sudo.
|
You misunderstand my intent. To get root via sudo, you authenticate using the
user's Unix account. The emphasis here is on what sudo does, not the intricate
subtleties of what it does with the subsequent su, or any other variation of
the same.
|
I don't want to start a pointless semantic argument on this, just realize it's
all about sudo and the following "su" is a mere example (other things could
have sufficed, I used that one)
|
>
> > On the work servers I enforce "sudo su"
>
> Actually, you could just have people use "sudo -i" or "sudo -s" if they
> want a shell with root access. If they want to run a program with root
> privileges and the root environment, they can use "sudo -i command".
>
> William
|
Don't read my post as literally meaning they must type the 7 characters "sudo
su". Read it more as "use any feature of sudo you feel like to get a root
shell, but you must use sudo. As opposed to using su alone".
--
alan dot mckinnon at gmail dot com