[OT] sudo, why not su?

Magnus Therning magnus at therning.org
Sun Aug 7 19:08:13 UTC 2005 

On Sun, Aug 07, 2005 at 02:47:21PM +0100, Paul Sladen wrote:
>On Sun, 7 Aug 2005, Magnus Therning wrote:
>> we got to discussing, and another colleague said that OSX doesn't have a
>> root password and uses 'su' with pam to give root access to users. (Is
>> that correct?)
>
>MacOSX uses 'sudo'.  (Via the Security Services, rather than PAM).

Good to know. I don't have a Mac myself so I had no way of checking his
claims.

>> The main reason I could think of was that su+pam results in no password
>> being needed while sudo requires the password of the current user.
>
>Sudo can be configured in either mode;  however, having a line with
>'NOPASSWD:' set for all commands would be considered bad security
>practise.

That would mean that I get sudo to behave like su+pam. It's the exact
opposite of what I asked, even thought it's good to know the possibility
exists.

>>A second reason might be that sudo has more fine-grained configuration
>>possibilities.
>
>'Sudo' provides fine-grained control over which user can execute which
>commands, as which other user, on which machine.

Yes, that's a really big pro of 'sudo'. I had forgotten about that.

>> So, all I am wondering is if there is a way to get 'su' to ask for the
>> caller's password before granting root privileges.
>
>You are required identify *yourself*, by providing something that only you
>know (and not a password that is shared with anyone else). This helps
>prevent an unauthorised user walking up to a logged-in machine and
>deleting or trojaning programs.

For sudo I have to *authenticate* myself then the tool checks that I
have authorization to run a specific command with elevated privileges.
This is done by entering my own password (at least in all configurations
I've seen).

For su I have to *authenticate* as root, i.e. enter root's password. In
most configurations su won't require root to enter his own password
('auth sufficient pam_rootok.so'), it is possible to configure it in
such a way that if a user is member of a specific group then the user
don't need to enter root's password ('auth sufficient pam_wheel.so
trust').

AFAICS you still haven't answered my original question. I don't know if
it's because English isn't my native language but I'm finding it
_really_ frustrating that I keep on getting answers to questions I don't
ask.

I'll try to be even more explicit:

I install Ubuntu. I create one user during the install, let's call the
user 'usr1', with the password 'pwd1'. As part of the install an entry
is added in /etc/sudoers:

 usr1  ALL=(ALL) ALL

As a result of this 'usr1' can run commands that require root
privileges. He does it like this:

 usr1$ sudo cmd
 Password: <pwd1>

If there is a root password (say 'rootpwd') then 'usr1' can use 'su' to
run commands that require root privileges:

 usr1$ su -c cmd
 Password: <rootpwd>

Now, what I wonder is if there is a way to set up your system such that
the following is possible:

 usr1$ su -c cmd
 Password: <pwd1>

I.e. that the user provides his own password rather than root's password
to 'su'.

>> If there isn't then sudo has a real advantage over su.
>
>'Sudo' provides a huge number of advantages.  This is why Ubuntu and other
>modern Unix operating systems use it.  IIRC, Microsoft are switching to the
>same ('sudo'-style) security model in the next release of Windows.

Yes, I've read about that as well. But, will they add a 'sudo' or stick
to 'su'? I don't know. They already have 'su' (Run As...), they might
just make that a more central feature.

/M

-- 
Magnus Therning                    (OpenPGP: 0xAB4DFBA4)
magnus at therning.org
http://therning.org/magnus

Software is not manufactured, it is something you write and publish.
Keep Europe free from software patents, we do not want censorship
by patent law on written works.

I've imagined doing software backwards -- and it almost works. Backwards
1.0 has a ton of great features. With each release it has fewer features,
until, one day, it's down to its core, the bare few features that make it a
killer app.
     -- Brent Simmons
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20050807/5b138f3e/attachment.sig>

More information about the ubuntu-users mailing list