SUDO
Broekman, Maarten
Maarten.Broekman at FMR.COM
Mon Jun 22 19:00:27 UTC 2009
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of mark
> Sent: Monday, June 22, 2009 2:28 PM
> To: General Red Hat Linux discussion list
> Subject: Re: SUDO
>
> Hike wrote:
> > Why?
> >
> > If the user knows the root password, there is no need.
>
> Ok, let me explain further. We're not talking home systems,
> we're talking
> corporate. And no, *not* everyone knows the root password.
> In fact, using sudo
> su - means they do not have to know it.
Even in a corporate setting there is no need to set up "sudo su -" or
"sudo su - root". You set up sudo to allow "sudo bash" to be run as the
appropriate user (root or otherwise).
> > If sudo is cofigured correctly, there is no need to "su -
> root" since
> > the user can already run the needed commands.
>
> That depends. Some users - presumably admins - can be
> configured to allowed to
> run only certain commands. Others may need less limited use,
> and it can be a
> lot easier if they can get to root; for example, when I'm
> going to look at
> logs, and only root can read them, or even look in some
> directories under
> /var/log, it's a *real* pain to sudo view every single log.
Yes. If you only need read access, you configure selinux to allow it or
you configure sudo to allow you to "more /var/log/*" (or less if that's
your preference). If you actually need shell access, you allow "sudo
<shell>".
--Maarten
More information about the redhat-list
mailing list