Mail-followup-to: MacOS X Server List <email@hidden>
User-agent: Mutt/1.2.5i
On 2006-08-22 JC Derr wrote:
> On Aug 21, 2006, at 10:45 PM, Ansgar -59cobalt- Wiechers wrote:
>> Huh? What difference exactly do you see between "sudo -s" and "sudo
>> su"? Either one gives you a Shell with (E)UID 0.
>
> while both end up with a root shell, the fundamental way in which
> each does its work makes a significant difference.
>
> - sudo doesn't require giving every root-empowered user the actual
> root password.
What do I need the root password for if I have another way to get UID 0?
> - sudo doesn't even require enabling the root account.
> - sudo uses the users personal password. as such, if you fire an
> employee you can selectively reject his sudo access without having to
> pass out a new root password to the department.
> - sudo logs more thoroughly (or used to, at least; i haven't used
> 'su' in ages), allowing responsible parties better paper trails when
> hunting down malicious or inept users.
> - sudo (by default) works one-command-at-a-time, making the user
> think a little harder before issuing root commands, hopefully
> avoiding possibly fatal errors.
> - since sudo doesn't (by default) generate an actual shell, you can't
> easily drop into it and walk away, allowing a potential security breach.
That's several advantages "sudo" has over "su". However, if you re-read
my question, you'll probably notice that my question was *not* about the
difference between "sudo" and "su". Instead I was specifically asking
for the difference Simon sees between "sudo -s" and "sudo su".
Regards
Ansgar Wiechers
--
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
This email sent to email@hidden
