On Tue, Apr 8, 2008 at 3:09 PM, James G. Sack (jim) <[EMAIL PROTECTED]> wrote:
> Doug LaRue wrote:
> > ** Reply to message from "James G. Sack (jim)" <[EMAIL PROTECTED]> on Tue,
> 08
> > Apr 2008 14:21:38 -0700
> >
> >> What is the effective difference in terms of security?
> >
> > /var/log/auth.log
> >
> > all sudo commands( logins, failed attamps, commands run, etc ) are
> > all logged there. But then again, I don't know if or where root logins
> > and commands/failures/etc get logged on other systems.
> >
>
> Ahh, thanks Doug. I forgot to mention that. Having a complete log of
> commands executed via sudo is another benefit of sudo vs running from a
> root shell. This is particularly valuable on servers admin'd by multiple
> users with sudo rights. Even on a home system, it may turn out handy.
>
> DJA- if you are asking whether there are differences in what can be done
> via sudo compared to via a root shell -- that's what sudoers can
> control. See
> man sudoers
>
> The file /etc/sudoers has some helpful comments within, but I'm sure
> there must be [ie, I haven't looked, though] some good tutorials on
> configuring sudoer as well.
The amount of helpful comments in /etc/sudoers depends on which Linux
distribution you have. Some of them are pretty well stripped.
Sudo was developed by Evi Nemeth's group of sysadmins and a moderate
amount of information can be found in one of the {Linux,Unix}
Administration Handbooks, by Nemeth, Snyder, et al.
carl
--
carl lowenstein marine physical lab u.c. san diego
[EMAIL PROTECTED]
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
