On Mon, 18 Aug 2003, Adams, Gavin wrote:

> > "sudo su -" is kind of a strange thing to do. You would probably be
> > better off doing "sudo bash" as it also will give you a bash prompt
> > with root login.
>
> Good point on Linux/BSD boxen. My sudo 'training' days came from AIX and
> Solaris. :)

I am missing something as to it being a 'good point'; I disagree, and consider the first formulation more cautious. -- The reason for the '-' after the su is to clear out a potentially hostile user environment (path, aliases, and the like).

A clever malicious user can 'booby-trap', say, 'ls' and tell an admin that they cannot delete a file. Admin wanders over, and runs ls which acts normally, as it notices root privs are not present. Admin runs 'sudo su' up to root, and re-runs 'ls' command which notices the root auth, and adds a backdoor or three ... game over.

Properly configured, 'sudo' should not have worked from a non-authorized user's account, but misconfigs happen. Indeed, even from a sudo authorized user's account, a person sometimes steps away from console without locking it.

Without clearing the environment and path, an incautious admin using 'sudo bash' is more likely to lose control of their hosts.

-- Russ Herrold

_______________________________________________
Asterisk-Users mailing list
http://lists.digium.com/mailman/listinfo/asterisk-users
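
The message above turns on a root shell inheriting the caller's search path. As an added example (not part of the original thread), this POSIX shell function audits a PATH string for entries that an unprivileged user could use to shadow a system command; `audit_path` and its finding labels are names made up for this sketch.

```shell
#!/bin/sh
# Added example: flag PATH entries that are unsafe to carry into a root shell.
# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_path() {
    ap_rest="${1}:"          # trailing ':' lets the loop see a final empty entry
    ap_status=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}
        ap_rest=${ap_rest#*:}
        case $ap_entry in
            "") echo "EMPTY"; ap_status=1; continue ;;   # empty entry = current directory
            /*) ;;                                       # absolute: inspect below
            *)  echo "RELATIVE $ap_entry"; ap_status=1; continue ;;
        esac
        [ -d "$ap_entry" ] || continue   # nonexistent entries are skipped in this sketch
        # ls -ldnL: follow symlinks, numeric ids; field 1 = mode, field 3 = owner uid
        ap_info=$(ls -ldnL "$ap_entry" | awk '{print $1, $3}')
        ap_mode=${ap_info% *}
        ap_uid=${ap_info#* }
        case $ap_mode in
            # 6th character = group write bit, 9th = other write bit
            ?????w*|????????w*) echo "WRITABLE $ap_entry"; ap_status=1 ;;
        esac
        if [ "$ap_uid" != 0 ]; then
            echo "NOT-ROOT-OWNED $ap_entry"; ap_status=1
        fi
    done
    return "$ap_status"
}

# Stand-alone use: pass the PATH to audit as the first argument.
if [ "$#" -gt 0 ]; then
    audit_path "$1"
fi
```

It checks the search path only; aliases and shell functions, which the message also mentions, are not inspected.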
