[sclug] su/sudo (sounds like a Phil Collins song!)

[Dickon Hood]

On Mon, Jan 16, 2006 at 09:58:30 +0000, darren at davisononline.org wrote:
: A merry Monday to one and all.

Indeed.

: I saw some comment from someone a couple of days ago who mused that "su" was
: pretty much deprecated and everyone used (or should use) "sudo" instead.
: It's not something I've seen much discussion on, but the issues may not
: affect me as a don't administer machines with multiple root users.

: Just wondered what the collective opinion was from this group of sages..

I'm not a great fan of it.  sudo has some entertaining caching mechanism,
where you don't need to retype your password within a certain amount of
time for any given TTY.  The thing is, it isn't always all that bright
about detecting whether you've logged out or not (so to clear that
session's cache entry); there have been occasions where I've logged back
into a machine and been able to sudo without entering my password.  I'm
not sure of the full set of security implications, but it does worry me a
bit.

That said, the world and his dog seem to be moving towards it (eg., MacOS
X and the like expect you to sudo by default), so there must be some good
reason.

-- 
Dickon Hood

Due to digital rights management, my .sig is temporarily unavailable.
Normal service will be resumed as soon as possible.  We apologise for the
inconvenience in the meantime.

No virus was found in this outgoing message as I didn't bother looking.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 185 bytes
Desc: not available
Url : http://lists.tmdg.co.uk/pipermail/sclug/attachments/20060116/4b534158/attachment.bin