[Leaplist] sudo vs su
Kevin Korb
kmk at sanitarium.net
Mon Jun 1 11:38:02 EDT 2009
On a single user system it has one advantage: Using a single password
instead of one for your account and one for root (which could in fact be
set to the same thing). Other than that it is just extra typing.

In the professional world it makes even less sense. Let's say I have a
web server to administer. All of my activity will need to be done as
root as I am only there to administer the box. I therefore have 3 choices:

1. Add my ssh key to the root account and don't even bother with making
a user level account.

2. Set up a user level account in the wheel group so I can log in and
then immediately su with the root password.

3. Set up a user level account with sudo ALL access so I can log in and
prefix everything I do with sudo.

Guess which is easier. In general I set up both option #1 and #2. That
way I can get in quickly if I need to but if I go in with my user level
account and then su I can have my shell environment without modifying
the root account which other admins might not appreciate.

Jim Hartley wrote:
> Remote logging system???? I don't have a remote logging system. I have
> just my one desktop machine here. In that context, does "sudo" have any
> advantages? I am assuming that **I** am not going to do something stupid
> like "rm -rf /"
>
> Jim Hartley
>
> Richard F. Ostrow Jr. wrote:
>> Ok, now that we're actually talking in the right topic, here's the
>> _correct_ answer.
>>
>> su - input not logged, difficult to backtrace what was done in the event
>> of a catastrophic screwup (rm -rf /)
>>
>> sudo - can easily track what was done. Everything put into sudo goes into
>> /var/log/{hostname}/messages of the remote logging system. An 'rm -rf /'
>> would be logged on the remote machine, and I would know *exactly* who was
>> stupid enough to do such a thing, and can make them clean up the mess.
>>
>> I wonder which one is better from an SA standpoint?
>>
>>
>
- --
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
Kevin Korb Phone: (407) 252-6853
Systems Administrator Internet:
FutureQuest, Inc. Kevin at FutureQuest.net (work)
Orlando, Florida kmk at sanitarium.net (personal)
Web page: http://www.sanitarium.net/
PGP public key available on web site.
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
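
The sudo audit trail discussed in the quoted message, as an added example that is not part of the original thread: it parses sudo's standard syslog lines, attributes each command to the invoking user, and flags root shells started through sudo, since commands typed inside such a shell do not pass through sudo again. The log lines are constructed samples, and the SHELLS list and function names are assumptions made for this illustration.

```python
import os
import re
from collections import defaultdict

# Constructed sample lines in sudo's syslog format (not taken from the thread).
SAMPLE_LOG = """\
Jun  1 11:02:14 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/apachectl graceful
Jun  1 11:05:40 web1 sudo:      bob : TTY=pts/1 ; PWD=/var/www ; USER=root ; COMMAND=/bin/rm -rf /var/www/cache
Jun  1 11:09:03 web1 sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/su -
Jun  1 11:12:55 web1 sudo:      bob : TTY=pts/1 ; PWD=/var/www ; USER=root ; COMMAND=/bin/bash
Jun  1 11:13:20 web1 sudo:     dave : command not allowed ; TTY=pts/3 ; PWD=/home/dave ; USER=root ; COMMAND=/usr/bin/passwd root
Jun  1 11:14:00 web1 sshd[2211]: Accepted publickey for root from 192.0.2.10 port 50122 ssh2
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) sudo(?:\[\d+\])?:\s+(\S+) : (.*)$")
SHELLS = {"sh", "bash", "dash", "ksh", "zsh", "csh", "tcsh", "su"}  # assumed list

def parse_sudo_line(line):
    """Return a dict for a sudo syslog line, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    when, host, invoker, rest = m.groups()
    # COMMAND= is the last field and may itself contain " ; ", so split it off first.
    head, sep, command = rest.partition("COMMAND=")
    if not sep or not command:
        return None
    event = {"time": when, "host": host, "invoker": invoker,
             "command": command, "status": "ok"}
    for part in (p.strip() for p in head.split(" ; ")):
        key, eq, value = part.partition("=")
        if eq and key.isupper():
            event[key.lower()] = value      # tty, pwd, user (the target account)
        elif part:
            event["status"] = part          # e.g. "command not allowed"
    return event

def audit(log_text):
    """Return (commands per invoker, root shells via sudo, denied attempts)."""
    by_user, shells, denied = defaultdict(list), [], []
    for ev in filter(None, map(parse_sudo_line, log_text.splitlines())):
        if ev["status"] != "ok":
            denied.append((ev["invoker"], ev["command"]))
            continue
        by_user[ev["invoker"]].append(ev["command"])
        if os.path.basename(ev["command"].split()[0]) in SHELLS:
            shells.append((ev["invoker"], ev["command"]))  # trail ends here
    return dict(by_user), shells, denied
```

Calling audit(SAMPLE_LOG) returns the three collections; the flagged shell entries mark the points after which the log no longer shows individual commands for that session.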