On Mon, Mar 01, 2010 at 12:16:14AM +0200, Alan McKinnon wrote: > "sudo su" and "su" have a fundamental difference, vital in corporate networks: > > The former uses the user's password for authentication and sudoers for > authorization. The latter uses knowledge of the root password for > authorization and authentication. See my other post in this thread. Actually, what you just said about "sudo su" applies only to "sudo". When you run "sudo su", what you are doing is running sudo then authenticating to it, and running su, as root, after you authenticate to sudo.
> On the work servers I enforce "sudo su" Actually, you could just have people use "sudo -i" or "sudo -s" if they want a shell with root access. If they want to run a program with root privileges and the root environment, they can use "sudo -i command". William
pgpWv3MMggLMv.pgp
Description: PGP signature