Re: su question
On Fri, Jul 07, 2000 at 08:55:57PM -0800, Ethan Benson wrote:
> On Fri, Jul 07, 2000 at 05:28:54PM -0400, Ben Collins wrote:
>
> > sudo alleviates the need for this. I suggest using that where you are
> > interested in an easier method. Also, sudo requires a password just like
> > su, but caches that access. This means that you can use sudo again within
> > like 15 minutes (configurable) without having to type your password again.
> > Plus sudo allows you to use your own password, as opposed to the root
> > password.
>
> which i think is a bad idea. if your ordinary user account password
> is compromised its just as bad as a root compromise if you have full
> sudo privleges (sudo bash). if you only use the real su for gaining
> root and performing maintainence then a compromise of your own account
> is not an automatic root.
>
> IMHO of course.
But of course that's why sudo allows you to restrict usage to certain
commands defined in /etc/sudoers. Obviously this limits the compromise
even further. Being able to give certain users access to specific
commands, without giving them the root password, also lessons the result
of a compromise.
su gives you none of this.
--
-----------=======-=-======-=========-----------=====------------=-=------
/ Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \
` bcollins@debian.org -- bcollins@openldap.org -- bcollins@linux.com '
`---=========------=======-------------=-=-----=-===-======-------=--=---'
Reply to: