Re: su question

[Ben Collins <bcollins@debian.org>]

On Fri, Jul 07, 2000 at 08:55:57PM -0800, Ethan Benson wrote:
> On Fri, Jul 07, 2000 at 05:28:54PM -0400, Ben Collins wrote:
> 
> > sudo alleviates the need for this. I suggest using that where you are
> > interested in an easier method. Also, sudo requires a password just like
> > su, but caches that access. This means that you can use sudo again within
> > like 15 minutes (configurable) without having to type your password again.
> > Plus sudo allows you to use your own password, as opposed to the root
> > password.
> 
> which i think is a bad idea.  if your ordinary user account password
> is compromised its just as bad as a root compromise if you have full
> sudo privleges (sudo bash). if you only use the real su for gaining
> root and performing maintainence then a compromise of your own account
> is not an automatic root.  
> 
> IMHO of course.  

But of course that's why sudo allows you to restrict usage to certain
commands defined in /etc/sudoers. Obviously this limits the compromise
even further. Being able to give certain users access to specific
commands, without giving them the root password, also lessons the result
of a compromise.

su gives you none of this.

-- 
 -----------=======-=-======-=========-----------=====------------=-=------
/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`  bcollins@debian.org  --  bcollins@openldap.org  --  bcollins@linux.com  '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'