On Sunday 28 February 2010 07:06:43 ubiquitous1980 wrote:
> Nikos Chantziaras wrote:
> > On 02/28/2010 05:57 AM, ubiquitous1980 wrote:
> >> If I have logged in through sudo such as $ sudo su, when I then use man
> >> pages, they are covered in "ESC".  This does not occur when using normal
> >> user accounts or the root account through su.  Wondering what is going
> >> on.  Thanks.
> > 
> > Some ENV variables are unset by sudo.
> > 
> > But anyway, "sudo su" makes zero sense :P
> 
> sudo su makes sense if you want to use the root account while having the
> root account locked.  Some, like Ubuntu, do it for security reasons.
> Not sure if they are valid, but I thought I would put this little
> problem out there for someone to make comment on.

I use "sudo su" a lot, and make it available to other root users on my 
servers. It all makes perfect sense in the context of:

1. The password for the root account is secret. Changing it is a real ball-
ache, something not undertaken lightly.
2. The password is known to very very few persons, and ideally would be kept in 
a locked safe needing signed CTO approval to open it.
3. I have a provisioning system that deploys users, their keys and password 
hashes.
4. The person running "sudo su" is authorized to do so, so he gets root. 
There's an audit trail too as not just anyone can get to my remote sysloggers.
5. When someone leaves, in the old days we had to manually change 100+ root 
passwords, and of course always forget at least one. Now I run one command on 
my user provisioning system and within 30 minutes that person's access is 
gone, and I can guarantee a) it's gone everywhere b) there are no back doors
6. Not all OSes out there support sudo -i

So in the context of multi-admin servers, sudo su (or sudo -i if you will) 
makes perfect sense, and su far less so.


-- 
alan dot mckinnon at gmail dot com
