Membership in sudo group
Hi,
I practically never use the sudo command on a Linux system. Either I work as a normal user. Or I switch to the root account using 'su -' for administrative tasks. In the rare case I have to work on a Ubuntu server, first thing I do is activate the root account. On a Slackware system, what's the difference between being a member of the sudo group and not being a member? I just experimented a bit, and in either case, a normal user can become root using 'su -'. Cheers, Niki |
Thinking of it. When a user is created, adduser suggests to add the user to a collection of additional groups:
Code:
Press ENTER to continue without adding any additional groups |
Like you (and I suspect a whole lot of other folk) I don't use sudo in favor of su -. I believe, however, that sudo lets you tailor what users can do without access to the root password; you can limit a user to necessary (maybe) tasks without giving away the keys to the kingdom. It's a question of granting permissions to extremely limited activities rather than being able to edit system files and the like, eh?
Hope this helps some. |
Here at work, sudo is used extensively to give people a limited level of administrative access to servers, without the need for divulging the root password.
At home, I use sudo, so that only people in the "wheel" group can use sudo to become root at all (using "sudo -i"). Also, sudo configuration allows me to let mailman create mail aliases on the fly if new a list is being created. I also limit the use of "su" through definitions in the file "/etc/suauth" (read "man suauth"). Eric |
I also use the wheel group to help control who has access to sudo and su as well. Normal users cannot use sudo or su at all unless I make the appropriate entries in sudoers and suauth. or add them to wheel.
|
Quote:
There is a commented-out example rule in the /etc/sudoers file: Code:
## Uncomment to allow members of group sudo to execute any command IMO, it should stay commented out! "someone All=(ALL) ALL" and 'sudo -i', really aren't best-practice use of sudo. Canonical really haven't done sudo's reputation much good by misusing it the way they have. And they've done a lot of novice users a disservice by teaching them bad habits. |
All times are GMT -5. The time now is 09:43 AM. |