As you point out, this is not the case, and this is very important
when creating scripts and jobs that "run as root." Clearly you've
seen cases where "this ran fine when I sudo it but doesn't run as
root" before.
The only real difference, on a default OS X installation (and,
frankly, almost anywhere else you can do "sudo -s" or "sudo su") is
that "sudo -s" uses the SHELL environment variable when it gives you
the root shell, whereas "sudo su" would use root's shell.
Also recall it is possible to use sudo to run as users other than
root, with the accompanying choices of shell.
You can also sudo directly into shells, e.g., "sudo tcsh". The end
result is that you have a root shell, and though I'm sure others
will argue, there really is no practical difference between the end
results of either "sudo -s" or "sudo su". (To reiterate, since I've
seen this mentioned several times in the past as a rebuttal: using
"sudo su" DOES NOT require the root account to be enabled/assigned a
password! So that is NOT a reason to not use it. The only reasons
people end up giving for not using "sudo su" (or using "sudo -s"
instead) seem to be dogmatic ones.
This is a tenable stance if you have sudo configured to permit only
certain commands.
One legitimate reason is that if you're used to a particular shell,
or you are running commands dependent on the shell, "sudo -s" will
keep the shell currently in use. If you end up in another shell,
commands you run that are dependent upon the shell could have
unexpected results, or worse, get interpreted in a way you didn't
intend. However, as long as you're aware of what you're doing, there
is nothing wrong with using "sudo su".)
Likewise each can have a role when troubleshooting how things are executed.
(Now, some people say using EITHER is a "bad thing". I disagree, and
this is one of those almost-religious issues. If I'm going to do a
bunch of stuff as root on a personal system, I give myself a root
shell. I am cognizant enough of the fact I'm "root" to (hopefully)
not screw up. Now, if I do this in a logged or audited environment,
I prefix everything with sudo, because use of a root shell is either
disallowed via conventional means (depending on the system), or any
use of a root shell without justification could be called into
question.)
These are best addressed in one's security policy. They are not
technical issues as you point out.
--
-dhan
------------------------------------------------------------------------
Dan Shoop AIM: iWiring
Systems & Networks Architect http://www.ustsvs.com/
email@hidden http://www.iwiring.net/
1-714-363-1174
"The wise man doesn't give the right answers, he poses the right
questions." -- Claude Levi-Strauss
iWiring provides systems and networks support for Mac OS X, unix, and
Open Source application technologies at affordable rates.