Re: sudo vs. su (was Re: new to list, new to debian, new to linux)

---

• From: Glyn Astill <glynastill@xxxxxxxxxxx>
• Date: Fri, 22 May 2009 21:45:05 +0000 (GMT)

---

--- On Fri, 22/5/09, Boyd Stephen Smith Jr. <bss@xxxxxxxxxxxxxxxxx> wrote:

From: Boyd Stephen Smith Jr. <bss@xxxxxxxxxxxxxxxxx>
Subject: Re: sudo vs. su (was Re: new to list, new to debian, new to linux)
To: debian-user@xxxxxxxxxxxxxxxx
Date: Friday, 22 May, 2009, 9:20 PM
In <857394.80354.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>,
Glyn Astill wrote:

--- On Fri, 22/5/09, Boyd Stephen Smith Jr. <bss@xxxxxxxxxxxxxxxxx>

wrote:

It's not equivalent to running as root, since (a)

you have

to prefix
privileged operations with "sudo", (b) you have to

re-auth

such actions by
entering your password and (c) your sudo

credentials will

timeout
automatically after they are not used.

Errr, yeah whatever.... Until they just do "sudo su"

and they're in.

ALL=(All) ALL is a bad idea.

Um, no.  With 'ALL=(ALL) ALL' they would still have to
type in their
password unless they had recently given their
credentials.  If you want to
you can turn off the caching of credentials, so that sudo
always asks for a
password.  You can also have it ask for the target
user's password instead
of the source user's password, if you like.

'ALL=(ALL) ALL' is no more dangerous than having the 'su'
binary available.

The NOPASSWD option is not the default.

No. For su they'd have to enter the root password, for sudo su they'd just have to enter the password of the current user and they are root.





--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx

---

• Follow-Ups:
  • Re: sudo vs. su (was Re: new to list, new to debian, new to linux)
    • From: Mark Shroyer
  • Re: sudo vs. su (was Re: new to list, new to debian, new to linux)
    • From: Boyd Stephen Smith Jr.

• Prev by Date: Re: sudo vs. su (was Re: new to list, new to debian, new to linux)
• Next by Date: Re: sudo vs. su (was Re: new to list, new to debian, new to linux)
• Previous by thread: Re: sudo vs. su (was Re: new to list, new to debian, new to linux)
• Next by thread: Re: sudo vs. su (was Re: new to list, new to debian, new to linux)
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Dumb question of the week. ... me a blood-red prompt. ... I think that 'root' commands must work without surprises like aliases ... My su and sudo work as defined in the man pages, ... which asks for the root password and then, ... (alt.os.linux.suse) Re: [OT] You are being tracked ... There's no need to type the root password: use sudo. ... passwordless access, which could be a local security concern, and tells ... a keystroke logger on your box is bad news anyway, ... (comp.os.linux.misc) Re: [OT] You are being tracked ... There's no need to type the root password: use sudo. ... a keystroke logger on your box is bad news anyway, ... least half the country blames the Democrats for this. ... (comp.os.linux.misc) Re: sudo never requires a password? ... > How come whenever I do a 'sudo' command I never have to enter a ... > access but don't need a root password by just using sudo. ... Perhaps you don't HAVE a root password. ... To unsubscribe, ... (freebsd-questions) Re: [Off Topic] Re: Linux security ... enabled a root password, ... As was pointed out before users don't care ... Much like OSX. ... With much the same mechanism (OSX also uses a sudo ... (Ubuntu)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

linux.derkeiler.com  > Mailing-Lists  > Debian  > 2009-05