[OT] sudo, why not su?

Magnus Therning magnus at therning.org
Sun Aug 7 13:05:37 UTC 2005


On Sat, Aug 06, 2005 at 03:45:11PM +0200, J.Markoll wrote:
>Magnus Therning a écrit :
>>On Fri, Aug 05, 2005 at 08:56:14PM +0200, J.Markoll wrote:
>>>Magnus Therning a écrit :
>>>>Is there any way of configuring pam in such a way that su behaves like
>>>>sudo, i.e. asks for the user's password before executing something as
>>>>root?
>>>>/M
>>>Hello,
>>>See with aliasing.
>>>http://www.samspublishing.com/articles/article.asp?p=169504&seqNum=7&rl=1
>>OK. I suppose I should have been a bit more explicit.
>>I'm _not_ looking for 'alias' or 'ln'. I'm not interested in writing
>>'su' and having 'sudo' executing. I want to know if there's a way to run
>>'su', the binary, but have it behave like sudo.
>Sorry, my fault, I read too fast.
>
>>I can configure pam in such a way that if a user in a specific group
>>(often 'wheel' is used for this) calls 'su' then no root password is
>>required. Actually no password is required at all!
>>So, I ask again. Is there a way to configure my system in such a way
>>that 'su' asks for the caller's password?
>I think you should either choose su or sudo, and then give the admin
>rights on this application for the group authorized to run this
>application.
>su bringing you to get a permanent root, as long as it is not exited...
>
>No root password required: do you intend to use one or not for this group ?
>Someone else ?

On Friday I learnt,from a colleague, that pam can be configured in such
a way that members of a certain group can use 'su' without root
password, actually without any password whatsoever. So we got to
discussing, and another colleague said that OSX doesn't have a root
password and uses 'su' with pam to give root access to users. (Is that
correct?)

This all got me wondering on why Ubuntu uses 'sudo' rather than 'su'.
The main reason I could think of was that su+pam results in no password
being needed while sudo requires the password of the current user. A
second reason might be that sudo has more fine-grained configuration
possibilities.

So, all I am wondering is if there is a way to get 'su' to ask for the
caller's password before granting root privileges. If there isn't then
sudo has a real advantage over su.

/M

-- 
Magnus Therning                    (OpenPGP: 0xAB4DFBA4)
magnus at therning.org
http://therning.org/magnus

Software is not manufactured, it is something you write and publish.
Keep Europe free from software patents, we do not want censorship
by patent law on written works.

There are three types of people in this world: those who can count and
those who cannot.
     -- Unknown
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20050807/5beebd20/attachment.sig>


More information about the ubuntu-users mailing list