On Aug 22, 2006, at 9:35 AM, Dave Schroeder wrote:
No, that is the general advantages of using "sudo" over "su".
That is not the difference between "sudo -s" and "sudo su", which
are functionally equivalent. Neither "sudo -s" nor "sudo su"
require the root account to be enabled/assigned a password, both
let you type the wrong things, neither log beyond the initial
event, and both are allowed by the default sudoers configuratin on
OS X.
(See my previous message for more.)
Please note that these *are* good reasons to use sudo versus ANY
kind of root shell, not just one provided by "su". There are other
ways to get root shells, such as "sudo -s". However, the original
question is about the differences between "sudo -s" and "sudo su",
because some people always say "if you need a root shell, use 'sudo
-s'; you should never use 'sudo su'", and that doesn't make any
sense. Both do the same thing (essentially, with the exception of
the difference I noted in my previous message), neither log, and
neither require the root account to be enabled.
sure....
'sudo su' spawns three processes.
sudo, su, then the shell.
'sudo -s' spawns two.
from a security standpoint, that's fewer points of failure.
