[OT] sudo, why not su?

Magnus Therning magnus at therning.org
Sun Aug 7 19:18:56 UTC 2005


On Sun, Aug 07, 2005 at 11:18:14AM -0400, MrKnisely wrote:
>Perhaps it is important to remember that althoug you can do the same
>tasks with two commands, they are not meant to be replacements for one
>another.  Per man:
>
>su - Change user ID or become super-user
>
>sudo - execute a command as another user
>
>Note that with su you are becoming that other user.  Most of us are
>familiar with becoming root, since we often run single user machines
>and need to run a few commands as root; however, in a multi-user
>enfiroment I've used su to become useres to test secutity I've put in
>place.  Now, lets take this a step further.  Is it a good idea for
>user1 to become user2?  No, user1 shoud only be able to become user2 if
>user1 is also able to become root, since root could do this anyway.
>This is why su requires root's password. Sudo, on the other hand, is
>just to allow a user to run a program with the elevated privlage of
>root.

Yes, so that would explain, on a philosophical level, why 'sudo' is used
instead of 'su'. It also explains why 'sudo' asks for the user's
password, and 'su' for root's. It's a really good point.

>Now, there is a way around this.  "sudo su"  Again, I don't recommend
>this, but it works.

Another good point. So there is a little bit of a crack, but since
'sudo' can be extensively configured it can probably be closed up.

>Perhaps an alias for su to this command is what you want.

No! That is not at all what I'm looking for. All I ever wanted to know
was if 'su' can, in some way, be set up, probably using pam, in such a
way that it doesn't ask for root's password, but rather asks for the
user's password. That's all, nothing more, nothing less.

I'm perfectly happy typing 'sudo' for all my "root tasks". I haven't
been missing 'su' at all since switching from Debian to Ubuntu. I was
just interested in finding out whether su+pam would be a replacement for
'sudo' for the scenario where:
 
 - there is only one user on a machine
 - there is no root password

I.e. basically the situation of a newly installed Ubuntu machine.

/M

-- 
Magnus Therning                    (OpenPGP: 0xAB4DFBA4)
magnus at therning.org
http://therning.org/magnus

Software is not manufactured, it is something you write and publish.
Keep Europe free from software patents, we do not want censorship
by patent law on written works.

Finagle's First Law:
To study a subject best, understand it thoroughly before you start.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20050807/9bc59599/attachment.sig>


More information about the ubuntu-users mailing list