On Fri, Jul 07, 2000 at 08:55:57PM -0800, Ethan Benson wrote: > On Fri, Jul 07, 2000 at 05:28:54PM -0400, Ben Collins wrote: > > > sudo alleviates the need for this. I suggest using that where you are > > interested in an easier method. Also, sudo requires a password just like > > su, but caches that access. This means that you can use sudo again within > > like 15 minutes (configurable) without having to type your password again. > > Plus sudo allows you to use your own password, as opposed to the root > > password. > > which i think is a bad idea. if your ordinary user account password > is compromised its just as bad as a root compromise if you have full > sudo privleges (sudo bash). if you only use the real su for gaining > root and performing maintainence then a compromise of your own account > is not an automatic root. > > IMHO of course.
But of course that's why sudo allows you to restrict usage to certain commands defined in /etc/sudoers. Obviously this limits the compromise even further. Being able to give certain users access to specific commands, without giving them the root password, also lessons the result of a compromise. su gives you none of this. -- -----------=======-=-======-=========-----------=====------------=-=------ / Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \ ` [EMAIL PROTECTED] -- [EMAIL PROTECTED] -- [EMAIL PROTECTED] ' `---=========------=======-------------=-=-----=-===-======-------=--=---'
