[lug] sudo better than su (was: Using consoles)
Kirk Rafferty
kirk at fpcc.net
Wed Sep 29 10:55:52 MDT 1999
On Wed, 29 Sep 1999, PC Drew wrote:
> first of all...don't telnet, use ssh. Secondly, you should never ever ever
> send your root password across the wire. If you want to login as root, use
> "sudo su -". That will create a sudo "wrapper" around the "su -" command.
> That way you'll be logged in as root, but still have all of the benefits of
> sudo (i.e. logging!!). Also, you won't have to send your root password
> across the wire.
To claify this point, if you're not using ssh, the "sudo su -" method
will not save you. Evil luser grabs your normal user password off the
wire, logs in as you, and runs "sudo su -" as you.
On Wed, 29 Sep 1999, Michael Deck wrote:
> I'm a newbie so maybe I missed something, but why do you say this? In my
> newbie-ness I seem to spend a lot of time logged in as root, mostly
> cleaning up stuff that I hosed up doing something else, or tweaking my
> firewalling scripts, or installing software, etc. I usually use "su"
> because I'm actually telnetting in across my LAN (my Linux box is in a
> closet) and because prefixing every command with "sudo" seems a pain. I use
> sudo when it's one or two commands.
If you're doing bunches 'o root things, being logged in as root isn't
necessarily a bad thing. But it's almost always a better thing to
"su -" than to just "su" because with "su -" you get root's environment.
Some programs may look at your environment and make decisions based on
that.
Regards,
Kirk
--
_/ Kirk Rafferty - Fairplay Communications - Kirk at fpcc.net - 303.363.8810 _/
_/ Fast Internet access for $14.95/month -- http://www.fpcc.net _/
_/ 10Mb Web Space, 2 Email addresses, your own hostname, Linux shell _/
_/ Fairplay Communications uses Open Source Operating Systems exclusively _/
More information about the LUG
mailing list