Quote:
The primary purpose behind sudo is to allow one user to execute an allowed command as a different user without knowing that second users password: su cannot do that. If it could, it would be sudo. To go beyond what has already been said would be to engage in pointless arguing. I stand by what I have said, and that should be enough. |
Quote:
Even if you had only sysadmins on a system, you would still need logging, just logging a trusted users every move is a waste of space that requires unnecessary maintenance over the years. You still need to log remote connections, services, system messages, you just don't need to turn a machine into a Siberian gulag. If you are that keen on allowing users to execute commands that require root access add them to a group that allows that. Or if you really must and you have no way out... configure sudo to ONLY allow that one command (no sudo -i, so remove ALL:ALL) and use something like gresecuity or SELINUX to limit sudo access even further. Otherwise using root + some groups for trusted users is just fine, we have been doing it for years before the creation of sudo. |
ok, this may be my fault...
Why do you insist on misunderstanding what I say? Was I that unclear?
Perhaps I was, so let me try again. Quote:
While early versions of sudo WERE for running a single command as root, it grew well beyond that quickly. The current definition (you can find this on Wikipedia) starts with Quote:
The options on multiuser systems should be obvious. I had thought that the options beyond that on a linux box used for a single user for multiple purposes would also be obvious, but perhaps I was wrong. My point is that it is not 'sudo' vs 'su' at all. They are both tools that exist to solve certain kinds of problems, and they solve different problems well. They should BOTH be available so you can solve those problems with the right tool. |
I should have added that I only use GNU/Linux on a home computer.
|
All times are GMT -5. The time now is 12:39 AM. |