su or sudo su?
Tom H
tomh0665 at gmail.com
Tue Oct 19 15:33:05 UTC 2010
On Tue, Oct 19, 2010 at 9:49 AM, James Mckenzie
<jjmckenzie51 at earthlink.net> wrote:
> Tomas Hajek <thajek at kettering.edu> wrote:
>>I have to disagree with "sudo su - is stupid."
> Given all of the information in this thread and rethinking my position, I have to agree.
> You can block this if needed in the sudoers file.
> Thus a user with sudo privileges could (in theory) be denied the ability to run su.
If a user can sudo to root, he/she can run su, at the very least
through the "-i" and "-s" options.
> There are somethings in UNIXy systems that can only be done from console and as root.
I've never tried disabling root in Fedora, but you're logged in as
root in recovery mode in Ubuntu (and Debian if you disable root) - so
you can be root at the console through sudo or runlevel S without
having an explicit root login.
More information about the users
mailing list