On 22 Aug 2006, at 5:30am, Ansgar -59cobalt- Wiechers wrote:
On 2006-08-22 JC Derr wrote:
- sudo doesn't even require enabling the root account.
- sudo uses the users personal password. as such, if you fire an
employee you can selectively reject his sudo access without having to
pass out a new root password to the department.
- sudo logs more thoroughly (or used to, at least; i haven't used
'su' in ages), allowing responsible parties better paper trails when
hunting down malicious or inept users.
- sudo (by default) works one-command-at-a-time, making the user
think a little harder before issuing root commands, hopefully
avoiding possibly fatal errors.
- since sudo doesn't (by default) generate an actual shell, you can't
easily drop into it and walk away, allowing a potential security
breach.
That's several advantages "sudo" has over "su". However, if you re-
read
my question, you'll probably notice that my question was *not*
about the
difference between "sudo" and "su". Instead I was specifically asking
for the difference Simon sees between "sudo -s" and "sudo su".
JC listed them quite neatly for me. While they both give UID 0 the
differences in the logging, in what happens if you accidentally type
the wrong thing, in enabling the root account, and in paying
attention to 'sudoers' make me prefer never to use 'su'. Thank you, JC.
PS to JC: 'www.doce.org' looks like it's not working properly. I
don't know if that's your problem.
Simon
--
Simon Slavin Fylde Building Room C11
Computing Development Officer 01524 65201 x 93569
Psychology Department
University of Lancaster
