su or sudo su?
pocallaghan at gmail.com
Mon Oct 18 17:38:20 UTC 2010
On 10/18/10 12:01 PM, Suvayu Ali wrote:
> On Monday 18 October 2010 09:15 AM, James Mckenzie wrote:
>> su - exposes the root password and is generally discouraged. sudo
>> does not but exposes which users have this privilege. Logins
>> through unsecured means should be disabled or very closely
>> controlled. Most SAs now disable or remove unsecure login processes
>> at build time.
> I am not sure how it is insecure, could you elaborate? At least to me
> giving (limited/full) root privileges to an ordinary user seems a lot
> more risky.
> The way I understand it if I have the following in my /etc/sudoers
> %<user_group> ALL=(ALL) ALL
> then there is no difference (other than the logging) between how the
> command is executed as compared to,
> $ su -
> If my understanding is correct, I fail to see the source of the
It's the Principle of Least Privilege. 'sudo' allows the sysadmin to let
specified users execute certain otherwise privileged commands, at a
fairly fine grain of control. Of course letting anyone execute anything
is like no security at all.
More information about the users