On Wed, Sep 13, 2000 at 08:56:32PM -0700, Bob Nielsen wrote: > > I use sudo, logged in as a regular user. It's generally considered a > security risk to be logged in as root, and a bit less of a risk to use > sudo or fakeroot.
well it depends on how you setup sudo, IMO letting your non-privileged account run anything as root via sudo is a bad idea. it essenially turns your non-privileged account password into the root password. sudo bash yeck. sudo is nice for stuff that needs root privileges but by itself cannot be exploited to do anything evil, like run a shell. > Funny, but 'sudo echo $PATH' gives the $PATH of the user, but 'sudo > whoami' says root. sudo does access the binaries in /usr/sbin, which > are not in the user's $PATH. sudo uses a hard coded PATH to locate binaries it does not use your or root's PATH. (it never loads root's environment at all). -- Ethan Benson http://www.alaska.net/~erbenson/
pgpipRrjIIeni.pgp
Description: PGP signature
