Re: su or sudo su?

Tomas Hajek <thajek@xxxxxxxxxxxxx> wrote:
(BTW, I know that I'm breaking threads, don't complain to me, complain to Earthlink.)

I have to disagree with "sudo su - is stupid."

Given all of the information in this thread and rethinking my position, I have to agree. You can block this if needed in the sudoers file. Thus a user with sudo privileges could (in theory) be denied the ability to run su.

If it serves a purpose (as it does for me and others I work with) then I don't see it as being stupid.

Can I use "su -", sure I can but then I have to remember roots password (do I know it yes, am I allowed to work as root,
yes) but I almost always start working as my regular user and it's far easier and quicker for me to do "sudo su -" (and
enter my password) then it is to use "su -" ( and try to hunt down the root password, we probably have hundreds of
different root passwords depending on which system it is and who admins it ).

One caveat: Your user account should have as strong or stronger password than root. Also, there are somethings in UNIXy systems that can only be done from console and as root (or let's put it this way, should be done.) I know of users that pick weak passwords and then wonder 'what happened' when they are rooted through that account. Best Security Practices at all times. These can be googled, so I won't go there (and to save folks tons of bandwidth.)

[rest deleted]

Thank you Tomas for your insight.

James McKenzie


--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Relevant Pages

  • Re: [opensuse] My root password has changed!
    ... password not roots, surequires roots password. ... Still on 10.1 and sudo requires root's pswd. ... # This allows use of an ordinary user account for administration of a freshly ... Only use this together with 'Defaults targetpw'! ...
    (SuSE)
  • Re: su or sudo su?
    ... I have to disagree with "sudo su - is stupid." ... If it serves a purpose then I don't see it as being stupid. ... This also helps when the admin recently changes roots password and forgets it or had caps lock on or some other goofy thing (I know, ... To unsubscribe or change subscription options: ...
    (Fedora)
  • Re: Cant get gksudo to work for non-root user
    ... If you are running X as "russell", the system will complain if you try to ... run an X app as another user (the other user does not "own" the X ... session on display:0, and is not authorised to connect to the X server ... "sudo -u dashboard echo foo", for example, ...
    (Ubuntu)