Re: sudoers question
<tomas@tuxteam.de> wrote:
> On Sat, May 13, 2023 at 10:35:31AM +0200, Michel Verdier wrote:
> > Le 12 mai 2023 tomas a écrit :
> >
> > >> > `sudo bash` anyone?
> > >>
> > >> also quicker done with
> > >> su -
> > >
> > > But not the same.
> >
> > Which differences do you see ?
>
> For su, you have to enter the root password. For sudo, there
> are many options, depending on config. Typically you enter
> yours.
>
> Plus, you can configure which commands (and args) can be done
> by whom, based on user id, local or remote, etc.
>
> OTOH the sudo system is way more complex than simple su, so
> there's more place where bugs can hide (it has had actual
> issues, btw).
>
> Security is engineering: always looking for a good tradeoff.
> Not magic.
>
> (That's why I cringe when people around here scaremonger about
> "you NEED to have a password" and things. People should know
> what they are getting into, for sure, but at the same time they
> should take their own decisions).
>
> Cheers
Not to mention that su - uses the --login option, whilst sudo bash
doesn't.
Reply to: