<quote who="david"> > All of which doesn't quite answer my original question, which was > (restating it slightly): > > This is a server, only I access it, and everything I do on it is done as > root. I ssh [EMAIL PROTECTED], then su - > > So what is the advantage of su -i over simply activating the root account?
a) sudo lets you grant capabilities beyond just root. Some of the boxes I do mailman administration on, I have no root access whatsoever, but I *can* run stuff as the list user. I just "sudo -u list ..." - this is configured in the sudoers file (you edit it by typing visudo, which checks the syntax of your changes before it lets you save it). This is extremely helpful when you have a team of admins, or users who need particular capabilities but should not have root. b) sudo will log your actions (unless you do sudo -i or sudo -s -H), which is also inordinately important in team administration environments, but I've found it exceedingly useful on my personal servers too. Instead of wondering what I did to screw things up, I can read the command history! c) No root password. I don't *want* a password to my all-knowing-all-rooting account. I want it locked off, and I want to know exactly who is using it. If I don't have a root password, I *can't* misconfigure my machine to allow root logins from the outside (or the console), and I *can* make sure every time superuser (or other capability-raising/changing) commands are executed, I can find out who got there (and sometimes, because of that, how). I've used sudo forever for 'enterprise' sysadmin. It only makes sense that if 'enterprises' get all the benefits of awesome advances in consumer tech that we get the few good things that come out of the 'enterprise'. ;-) - Jeff -- linux.conf.au 2007: Sydney, Australia http://lca2007.linux.org.au/ "On Tuesday I saw Crouching Tiger, Hidden Dragon with Zack and two ladies whom I presume are gracious." - Seth Schoen -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
