[plug] sudo

[Collin Baillie]

Mark Dixon wrote:
>  > I would like it if someone would explain my misunderstanding of why
>  > 'sudo' is considered
>  > good / better / safer than a root account?
> 
>  However if you login as a normal user and have to type sudo in front of 
> commands that require G0d-like power then you tend to type them and get 
> a "permission denied" message which acts as a little reminder that you 
> need to sudo the command and do so with caution.

Maybe a better understanding would be that with sudo, you can restrict 
what processes a user can run through sudo. If someone gets the 
username/passphrase combo of a user who has sudo access to say 'tail -f 
/var/log/messages' then all they can actually sudo is the tail 
operation. They can't sudo 'rm -rf /' or 'echo /etc/shadow' or whatever. 
Of course if you set sudo to give a user ALL privileges to ALL processes 
you've 'potentially' got big problems.

Collin Baillie
-- 
Fast, Reliable, Cheap - Pick any two!

Reclaim Your Inbox!
http://www.mozilla.org/products/thunderbird/