[Wylug-help] Talk request
Gary Stainburn
gary.stainburn at ringways.co.uk
Mon Feb 23 16:57:02 GMT 2004
On Monday 23 February 2004 3:20 pm, Anne Wilson wrote:
[snip]
> >
> > How about something like "101 ways to minimise being root" coupled
> > with the obvious "why logging in as root is a _bad thing_" etc?
This is usually explained quite graphically the first time you run 'rm'
without checking what you've typed.
>
> OK - but what I'm really wanting is something that explains to me why
> sudo is better than su. I presume that it does much the same thing,
> but can do it in different circumstances? I know there are
> implications in allowing other users to do certain root tasks - and
> this is where I run scared, as giving freedoms that I don't
> understand is bad magic :-)
'su' stands for switch user (or super user, doesn't really matter). It
effectively makes you 'root'. The thing about root is that it bypasses much
of the filesystem security in unix. This is a good thing when needed, but a
bad thing at all other times.
sudo is basically a wrapper which allows a user to 'become root' for a single
command. For example
sudo restart_exim
could be a script that simply calls 'service exim restart' which gets executed
by sudo under the 'root' username.
Another good thing about sudo is that by using the config file it is possible
to allow certain groups or individuals to only perform certain tasks.
A good example would be to allow the 'OPS' department access to all the
commands for controlling printers while not allowing them access to anything
else.
>
> Anne
--
Gary Stainburn
This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000
More information about the Wylug-help
mailing list