Advantages of 'sudo' Over 'su'?
Andrew Sobala
aes at gnome.org
Fri Oct 1 22:49:00 UTC 2004
On Fri, 2004-10-01 at 15:35 -0700, Matt Zimmerman wrote:
> On Fri, Oct 01, 2004 at 02:21:06PM +0100, Colin Watson wrote:
>
> > On Thu, Sep 30, 2004 at 09:16:38PM -0400, Brett Kirksey wrote:
> > > I've been curious about this since I run OS X as well. What are
> > > the advantages of disabling the root account and adding a user
> > > or group to sudoers with root priveleges? Can a user given the
> > > same priveleges as root in sudoers do everything that root can?
> > > If so, why bother disabling root? The sudoer could just type
> > > sudo su and get the same result as su if root wre enabled?
> >
> > The original reason we disabled the root account was simply that it was
> > two more questions we could avoid asking at installation time. :-)
>
> And even more significantly, a question whose answer the user needed to
> remember forever, even though they would rarely use it. Root passwords are
> often forgotten by users who are new to the Unix security model.
There's also an advantage in encouraging users to type "sudo" before
every command they want to execute as root, instead of wallowing around
in a root shell then accidentally doing damage. It's been good unix
practise for a long time to "su-command-^D" regularly instead of staying
in a root shell, unless you're doing serious system maintenance (at
which point you can sudo su still).
--
Andrew
More information about the ubuntu-users
mailing list