Mail-followup-to: MacOS X Server List <email@hidden>
On 2006-08-22 Simon Slavin wrote:
> On 22 Aug 2006, at 5:30am, Ansgar -59cobalt- Wiechers wrote:
>> On 2006-08-22 JC Derr wrote:
>>> - sudo doesn't even require enabling the root account.
>>> - sudo uses the user's personal password. as such, if you fire an
>>> employee you can selectively reject his sudo access without having to
>>> pass out a new root password to the department.
>>> - sudo logs more thoroughly (or used to, at least; i haven't used
>>> 'su' in ages), allowing responsible parties better paper trails when
>>> hunting down malicious or inept users.
>>> - sudo (by default) works one-command-at-a-time, making the user
>>> think a little harder before issuing root commands, hopefully
>>> avoiding possibly fatal errors.
>>> - since sudo doesn't (by default) generate an actual shell, you can't
>>> easily drop into it and walk away, allowing a potential security
>>> breach.
>>
>> That's several advantages "sudo" has over "su". However, if you re-
>> read my question, you'll probably notice that my question was *not*
>> about the difference between "sudo" and "su". Instead I was
>> specifically asking for the difference Simon sees between "sudo -s"
>> and "sudo su".
>
> JC listed them quite neatly for me. While they both give UID 0 the
> differences in the logging, in what happens if you accidentally type
> the wrong thing, in enabling the root account, and in paying
> attention to 'sudoers' make me prefer never to use 'su'.

The only difference in logging that I can see is the command executed by
sudo: /bin/bash in one case, /usr/bin/su in the other. The root account
does NOT need to be enabled for "sudo su" to work, and I entirely fail
to see how "sudo su" would not pay attention to 'sudoers'. I also fail
to see how there's a difference between "accidentally typing the wrong
thing in a root shell" and "accidentally typing the wrong thing in a
root shell".

Could you please actually *READ* a mail before replying to it? Thank
you.

Regards
Ansgar Wiechers

--
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky
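
The logging point made in this message, as an added example that is not part of the original post: a small Python audit that reads sudo log lines and reports every entry that handed out an interactive root shell, whether it was logged as a shell binary or as su. The log lines are constructed samples in the usual sudo syslog layout, and the list of shell names and the function name are assumptions.

```python
import re

# Constructed sample lines in the usual sudo syslog layout (not taken from the thread).
SAMPLE_LOG = """\
Aug 22 10:15:01 server sudo:    alice : TTY=ttyp1 ; PWD=/Users/alice ; USER=root ; COMMAND=/bin/bash
Aug 22 10:16:40 server sudo:      bob : TTY=ttyp2 ; PWD=/Users/bob ; USER=root ; COMMAND=/usr/bin/su
Aug 22 10:18:12 server sudo:    carol : TTY=ttyp3 ; PWD=/tmp ; USER=root ; COMMAND=/usr/sbin/diskutil list
Aug 22 10:19:55 server sudo:     dave : TTY=ttyp4 ; PWD=/Users/dave ; USER=root ; COMMAND=/usr/bin/su -
Aug 22 10:21:03 server sudo:      eve : 3 incorrect password attempts ; TTY=ttyp5 ; PWD=/Users/eve ; USER=root ; COMMAND=/bin/sh
"""

# Successful entries have "user : TTY=..." directly; failed attempts carry a
# reason between the user and TTY=, so they do not match and are skipped.
ENTRY = re.compile(
    r"sudo:\s+(?P<user>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.*?) ; "
    r"USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.*)$"
)

# Assumption: basenames treated as interactive shells on the audited hosts.
SHELLS = {"sh", "bash", "zsh", "csh", "tcsh", "ksh"}


def root_shell_sessions(log_text):
    """Return (user, kind, command) for each sudo entry that gave a root shell.

    kind is "shell" when COMMAND is a shell binary (what "sudo -s" logs)
    and "su" when COMMAND is su (what "sudo su" logs).
    """
    found = []
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m or m.group("runas") != "root":
            continue
        cmd = m.group("cmd").strip()
        if not cmd:
            continue
        binary = cmd.split()[0].rsplit("/", 1)[-1]
        if binary == "su":
            found.append((m.group("user"), "su", cmd))
        elif binary in SHELLS and len(cmd.split()) == 1:
            # A bare shell path with no arguments is an interactive shell.
            found.append((m.group("user"), "shell", cmd))
    return found


if __name__ == "__main__":
    for user, kind, cmd in root_shell_sessions(SAMPLE_LOG):
        print(f"{user}: root shell via {kind} ({cmd})")
```

Either way the log holds one line per session; commands typed inside the resulting root shell do not produce further sudo entries.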