Mailing Lists: Apple Mailing Lists


Re: Problems 'su'ing into the root user



On Aug 22, 2006, at 12:21 AM, Ansgar -59cobalt- Wiechers wrote:

I like sudo since it logs the commands. True that if you switch the
shell with -s you don't get further logging, but at least you can see
who changed to a root shell.

True, but the same goes for "sudo su", only that the logged command is "/usr/bin/su" instead of "/bin/bash".

Logging aside, it's an escalation of privileges that defeats the entire purpose of 'sudo'.


su asks for the root password and executes any command as root.

sudo asks for your password, does some common sense checking on the tool you're invoking, on any dynamically linked libraries it uses, and then invokes it with a stripped down environment to further lower the risk that any surviving malicious code might present.

'sudo su' subjects only 'su' to this checking, not the shell that is invoked.

'sudo -s' and 'sudo /bin/bash' subject the actual shell to this checking.

'sudo -s' is preferred.
Macos-x-server mailing list      (email@hidden)
References: 
 >Problems 'su'ing into the root user (From: Nate Rudd <email@hidden>)
 >Re: Problems 'su'ing into the root user (From: Simon Slavin <email@hidden>)
 >Re: Problems 'su'ing into the root user (From: Ansgar -59cobalt- Wiechers <email@hidden>)
 >Re: Problems 'su'ing into the root user (From: "Josh Wisenbaker" <email@hidden>)
 >Re: Problems 'su'ing into the root user (From: Ansgar -59cobalt- Wiechers <email@hidden>)
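
The logging point made in the exchange above, as an added example (not code from the thread or from sudo): a Python scan of sudo's syslog records that flags entries where the logged command is a shell or su, which is where the per-command trail ends. The log lines, host and user names are constructed, and the list of shell names is an assumption.

```python
import re
from pathlib import PurePosixPath

# Programs that hand over an interactive shell; once one is started via sudo,
# nothing typed in it is logged by sudo. Assumed list, extend for your systems.
SHELL_HANDOFF = {"su", "sh", "bash", "zsh", "csh", "tcsh", "ksh"}

# A successful sudo record: "<user> : TTY=... ; PWD=... ; USER=... ; COMMAND=..."
# Requiring "TTY=" right after the user skips failure records such as
# "<user> : 3 incorrect password attempts ; TTY=...".
SUDO_RE = re.compile(
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : TTY=\S+ ; PWD=.*? ; "
    r"USER=(?P<runas>\S+) ; COMMAND=(?P<command>.+)$"
)

def shell_handoffs(lines):
    """Return (user, runas, command) for each sudo record that starts a shell."""
    hits = []
    for line in lines:
        m = SUDO_RE.search(line)
        if not m:
            continue  # other daemon, or a failed sudo attempt
        argv = m["command"].split()
        prog = PurePosixPath(argv[0]).name
        # "bash -c <cmd>" runs one command that is itself in the log, so it is
        # not counted as a handoff to an unlogged interactive shell.
        if prog in SHELL_HANDOFF and "-c" not in argv[1:]:
            hits.append((m["user"], m["runas"], m["command"]))
    return hits

# Constructed sample records (not from a real host).
SAMPLE_LOG = [
    # 'sudo -s': the logged command is the shell itself
    "Aug 22 00:19:41 host1 sudo:    alice : TTY=ttyp1 ; PWD=/Users/alice ; USER=root ; COMMAND=/bin/bash",
    # 'sudo su': the logged command is su, not the shell it starts
    "Aug 22 00:20:05 host1 sudo:      bob : TTY=ttyp2 ; PWD=/Users/bob ; USER=root ; COMMAND=/usr/bin/su",
    # an ordinary command, fully visible in the log
    "Aug 22 00:21:12 host1 sudo:    alice : TTY=ttyp1 ; PWD=/Users/alice ; USER=root ; COMMAND=/usr/bin/tail /var/log/system.log",
    # failed authentication: no shell was started
    "Aug 22 00:22:30 host1 sudo:    carol : 3 incorrect password attempts ; TTY=ttyp3 ; PWD=/Users/carol ; USER=root ; COMMAND=/usr/bin/su",
    # single command run through a shell
    "Aug 22 00:23:02 host1 sudo:      bob : TTY=ttyp2 ; PWD=/Users/bob ; USER=root ; COMMAND=/bin/bash -c /usr/bin/id",
]

if __name__ == "__main__":
    for user, runas, command in shell_handoffs(SAMPLE_LOG):
        print(f"{user} opened a shell as {runas} via {command}")
```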


