On 12/12/05 21:16 +0530, Rony Bill wrote:
(???????????????) Revant Nandgaonkar wrote:
what do you want to do with sudo?
remove the bhai line then, I added it myself to make a user access commands without password.
I am trying to learn more about sudo so I can get the basics right. I want to be more secure but I find sudo quite dangerous. I must be wrong about that but thats why I am learning.
I would also like to know how the two events mentioned below differ from each other in security level/hazard.
Situation A: The root never logs in. He uses a user account and for any admin work he does 'su - ', enters root password and carries out the tasks and exits su. He is otherwise a user.
Consider two admins working on the same host. With su, they both know the root password and have full root access.
Situation B: The root never logs in. He uses a user account that also has root level access through the sudoers entry. This appears alarming as, for all the time he is logged in as user, he has the power of root which is as powerful as a root login.
In this case, the user is only allowed to run commands listed in the sudoers file. (S)He does not know the root password, and does not have full administrative access. Used properly, sudo is quite a powerful tool for access control.
Also, commands run with sudo are logged. Commands run with su are not.
Devdas Bhagat