Mail-followup-to: MacOS X Server List <email@hidden>
User-agent: Mutt/1.2.5i
On 2006-08-22 Josh Wisenbaker wrote:
>> On 2006-08-22 Simon Slavin wrote:
>>> On 22 Aug 2006, at 3:49am, Nate Rudd wrote:
>>>> sudo su root
>>>
>>> Argh. That is a horrible combination.
>>>
>>> OS X has always worked better with 'sudo' than 'su'. There are
>>> security issues surrounding both applications, but 'sudo' is better
>>> designed and more secure in the situations that you would find most
>>> OS X computers set up for. 'sudoers' does its job properly under OS
>>> X (or, at least, it did in the last version I examined).
>>>
>>> I normally recommend that OS X people never use 'su'. You can use
>>> 'sudo' for single instructions, 'sudo -s' for entire sessions with
>>> different privs, and 'sudo -u' for non-root. All three are more
>>> secure, for a normal setup, than the equivalent 'su' would be.
>>
>> Huh? What difference exactly do you see between "sudo -s" and "sudo
>> su"? Either one gives you a Shell with (E)UID 0.
>
> I like sudo since it logs the commands. True that it if you switch the
> shell with -s you don't get further logging, but at least you can see
> who changed to a root shell.
True, but the same goes for "sudo su", only that the logged command is
"/usr/bin/su" instead of "/bin/bash".
cu
59cobalt
--
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
This email sent to email@hidden
