[plug] Interesting command that may make root access more fun ..
Lyndon Maydwell
maydwell at gmail.com
Fri May 25 23:52:38 WST 2007
`sudo su [-]`
is the standard way to get root on systems that don't have a root account.
However I think this is a bad way to go about things, as giving sudo
permissions for 'su' is as good as giving the user the root password.
The whole reason sudo was made was to be able to give non-root users
the ability to use /some/ root commands without giving them the kind
of total control that a root user has. This way root could setup the
sudoers file to give access to certain types of commands to different
users or groups. Ie, give users in the 'reboot' group the ability to
restart the system.
"%reboot thishost = NOPASSWD: /sbin/reboot"
I think that if you're heavily administering system-wide changes, you
should probably be doing it from a root account anyway.
I know that the idea of disabling a pure root account was to help home
users to understand not to use root privileges by default, but when
people start doing things like this from ordinary accounts it defeats
the purpose.
My $0.05
More information about the plug
mailing list