LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 10-18-2004, 10:17 AM   #1
lesleyb
Member
 
Registered: Sep 2003
Distribution: Debian, OpenBSD 3.9 & 3.7
Posts: 79

Rep: Reputation: 17
Sudo, su and root


Hi all

What's the difference between using sudo or su or logging in as root while connected to the Internet?

Regards

Lesley
 
Old 10-18-2004, 10:50 AM   #2
iceman47
Senior Member
 
Registered: Oct 2002
Location: Belgium
Distribution: Debian, Free/OpenBSD
Posts: 1,123

Rep: Reputation: 47
man sudo > 1;man su > 2; diff 1 2

no, logging in as root is just plain stupid because everything you'll do, will be executed as uid 0.
That's the point of using sudo or su only for specific tasks that need uid 0.
 
Old 10-18-2004, 11:27 AM   #3
cyph3r7
Member
 
Registered: Apr 2003
Location: Silicon Valley East, Northern Virginia
Distribution: FreeBSD,Debian, RH, ok well most of em...
Posts: 238

Rep: Reputation: 30
sudo also allows fine grained access controls to users which allows them to only run the "root" commands you choose.

Great product to use when you have split duties on servers such as a web team that just handles Apache and then the SysAdmins who control the box. You can allow the Web Team "root" ability on commands they need to perform their duties.
 
Old 10-18-2004, 02:36 PM   #4
lesleyb
Member
 
Registered: Sep 2003
Distribution: Debian, OpenBSD 3.9 & 3.7
Posts: 79

Original Poster
Rep: Reputation: 17
lol iceman re the man pages.

I have read up on sudo and how you can use it to finegrain access
even down to different arguments for commands e.g. 'make' versus 'make install'
the latter requiring uid 0 when really installing in the main system instead of installing
locally to one's own area.

I have also read that allowing ALL privileges in any sudo account means that you then need to protect that account the same way you would protect the root account i.e. not use that account when on the Internet etc.

sudo is my favourite means of doing anything uid 0 oriented but setting up that fine grain access can be a bit of a pain in the neck for a home system where the user might well be the sys admin and the web developer and the tea maker and the developer and the cleaner.

There are a few tasks that need root access on a home system.

This might sound like a flippant question but it's not meant to be. Having uid 0 means that you can do an awful lot of things that you can't do as a normal user. But if you are tucked up behind some iptables, chkrootkit regularly and any connection that you didn't initiate is dropped at iptables then what's the beef with how you get to uid 0 status?

(Not that I do anything logged in as root while on the Internet... nor anything much as root anyway ... I've an account set up to do a lot of admin tasks and as I have control over my system I can visudo as and when I need it.).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Sorry, sudo must be setuid root kurtdriver Fedora 6 10-22-2008 08:47 PM
Can't perform root command by using Sudo acbenny Linux - General 6 05-07-2008 09:19 PM
How to hack sudo to become root lewkh Linux - Security 5 01-08-2005 07:20 AM
root password doesn't work when I use sudo ... bucovaina78 Linux - Security 5 11-10-2004 03:50 PM
SUDO as *non-root* user spratty Linux - Newbie 3 05-19-2004 04:35 AM


All times are GMT -5. The time now is 07:51 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration