It has been typical of other UNIXes in the past that su was owned by group "wheel" and you would put users that you wanted to be able to su into group "wheel" as well. The default configuration in my Debian is for su to be world readable/exectuable. Distro laziness favours the crackers, I'm afraid. :-)
I've never configured or used sudo myself, but from what I remember, sudo is intended to permit certain users to execute a certain set of commands as the root user. That way, you don't have to give the root password to these users. As well, these users can only execute the specified commands as the root user--instead of the system being completely wide open to them. After you have provided the root password to one of your users, it is difficult to revoke root access--even if you change the password. For example, I could create my own backdoor: I could create my own copy of the bash shell from source code with a SUID root command inserted somewhere. I simply compile it, make sure its owner is root, and stick it in some esoteric location where it is unlikely to be found. Presto. The superuser changes their password, but that won't stop me; I have root access everytime I run my special copy of bash. It is a good thing that I still use my powers for good--and not for evil. Mwahahahaha. :-) Sean Dockery SBD Consultants Certified Java Web Component Developer Certified Java Programmer Certified Delphi Programmer [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> http://www.sbdconsultants.com <http://www.sbdconsultants.com> (403) 860-2534 -----Original Message----- From: Aaron J. Seigo [mailto:[EMAIL PROTECTED]] Sent: Friday, January 03, 2003 11:29 AM To: [EMAIL PROTECTED] Subject: Re: (clug-talk) strings command -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 02 January 2003 07:34, Bogi wrote: > Users can not su to root the less they are in the suduers list, which they > are not by default. You have to login as root ... hrm? sudoers controls the behaviour of the sudo command. you can switch user (su) regardless of what's in the sudoers file. - -- Aaron J. Seigo GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA EE75 D6B7 2EB1 A7F1 DB43 "Everything should be made as simple as possible, but not simpler" - Albert Einstein -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+FdZp1rcusafx20MRAsMKAJkB0O1OFbaiwXzFOIA4klhffOJS7ACdFo9N RNI0XgRE6PM5jMd9J/pGaOo= =NufZ -----END PGP SIGNATURE-----
