Re: sudo vs. su (was Re: new to list, new to debian, new to linux)
--- On Fri, 22/5/09, Boyd Stephen Smith Jr. <bss@iguanasuicide.net> wrote:
> From: Boyd Stephen Smith Jr. <bss@iguanasuicide.net>
> Subject: Re: sudo vs. su (was Re: new to list, new to debian, new to linux)
> To: debian-user@lists.debian.org
> Date: Friday, 22 May, 2009, 9:20 PM
> In <[🔎] 857394.80354.qm@web23608.mail.ird.yahoo.com>,
> Glyn Astill wrote:
> >--- On Fri, 22/5/09, Boyd Stephen Smith Jr. <bss@iguanasuicide.net>
> wrote:
> >> It's not equivalent to running as root, since (a)
> you have
> >> to prefix
> >> privileged operations with "sudo", (b) you have to
> re-auth
> >> such actions by
> >> entering your password and (c) your sudo
> credentials will
> >> timeout
> >> automatically after they are not used.
> >
> >Errr, yeah whatever.... Until they just do "sudo su"
> and they're in.
> > ALL=(All) ALL is a bad idea.
>
> Um, no. With 'ALL=(ALL) ALL' they would still have to
> type in their
> password unless they had recently given their
> credentials. If you want to
> you can turn off the caching of credentials, so that sudo
> always asks for a
> password. You can also have it ask for the target
> user's password instead
> of the source user's password, if you like.
>
> 'ALL=(ALL) ALL' is no more dangerous than having the 'su'
> binary available.
>
> The NOPASSWD option is not the default.
No. For su they'd have to enter the root password, for sudo su they'd just have to enter the password of the current user and they are root.
Reply to: