On Sun, Jun 10, 2001 at 10:25:23PM -0700, Mark Wagnon wrote: > On 06/10/01 17:37:44 -0400, Jonathan D. Proulx wrote: > > You don't need to be root, using "sudo" is fine. If you don't know > > what sudo is, install it and read the man page then ask here, it's > > *very* useful. > > I've never used sudo. Whenever I need to do something as root, I use > su. What's the difference? Is one better/more secure than the other?
That is a topic of much debate. In general, I fall on the "sudo is evil" side of the fence, but the basic arguments are: pro-sudo: It allows you to give limited root access to certain users without requiring that they know the root password. This allows you to distribute administrative tasks to various people without giving them full control of the machine. anti-sudo: It allows you to give limited root access to certain users without requiring that they know the root password. This allows an attacker to obtain elevated privileges on the machine by discovering only a user password instead of requiring that they find both a user password and the root password. IMO, one well-controlled point of vulnerability (the root password) is preferable to several uncontrolled points of vulnerability (user passwords). The only time I think sudo is worthwhile is on a multiuser machine where all admin power cannot. for whatever reason, be concentrated in a single person. And even then, you have to be very careful about what commands you allow to be run through sudo - if you can open a shell from something run under sudo, you've got a fully-empowered root shell, easy as that. -- That's not gibberish... It's Linux. - Byers, The Lone Gunmen Geek Code 3.12: GCS d? s+: a C++ UL++++$ P++>+++ L+++>++++ E- W--(++) N+ o+ !K w--- O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv+ b+ DI++++ D G e* h r y+