commands as super-user

Karl Larsen k5di at zianet.com
Fri Jan 4 22:50:57 UTC 2008


Tommy Reynolds wrote:
> Uttered Karsten Wade <kwade at redhat.com>, spake thus:
>
>   
>> You lose a layer of security auditing, but make the user's life much
>> easier.  Then we can teach either the 'su -' or 'su -c "/bin/bash"'
>> methods.
>>     
>
> With respect: bosh.  Root login is the ultimate evil.  On a multiuser
> system you can't tell which root did what.
>
> But sudo is important on a single-user system because:
>
> 1)  "su -c" can introduct some fancy shell quoting requirements.
>     Don't peek and tell me where the 'su -c "mkdir ${HOME}/foo"'
>     command makes a directory.  Not novice-friendly.
>
> 2)  there is no record of what was done by the "su -c" command and
>     this makes error recovery more difficult.  I know what I *meant*
>     to type, but what did I *actually* type?
>
> 3)  Easier to learn the correct habit than unlearn a bad one later.
>
> A single paragraph / appendix what boils down to:
>
>    # echo "${USER} ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
>
> doesn't seem too onerous.
>
> Cheers
>   
    All your concerns are based on the fact every user of a multiuser 
Linux has the root password. This is only the case when there is just 
one user. So a plain user can try su c but it will not work.

Karl


-- 

	Karl F. Larsen, AKA K5DI
	Linux User
	#450462   http://counter.li.org.
   PGP 4208 4D6E 595F 22B9 FF1C  ECB6 4A3C 2C54 FE23 53A7




More information about the fedora-docs-list mailing list