[OT] sudo, why not su?

Magnus Therning magnus at therning.org
Mon Aug 8 20:53:10 UTC 2005


On Mon, Aug 08, 2005 at 09:38:18AM +0100, Sean Miller wrote:
>Magnus Therning wrote:
>
>>The difference is that I use sudo, and my colleague use su. I wanted to
>>know exactly what the benefit of sudo is over su. In the most simple
>>usage of sudo (as in a newly installed Ubuntu) the benefit is that sudo
>>requires the user's password, su requires root's password. If su could,
>>in some way, be made to require the calling user's password then that
>>difference would disappear and, in that very simple scenario, su and
>>sudo would be so similar that either could be used.
>> 
>Just found the original question -- somewhere along the line somebody
>made the statement that you couldn't su to another user except through
>root... that was the basis of my previous answer... now, this one...
>
>I have been using both sudo and su in a professional environment for
>about 10 years... I have never considered them to be in any way the
>same thing...  neither has a benefit over the other because they do
>different things.

Yet they are used to accomplish pretty much the same thing (remember I
consider only the sudo configuration present in a fresh Ubuntu install):

Using sudo:

$ sudo apt-get update
$ sudo apt-get upgrade

Using su (assuming there is a root password configured):

$ su -
# apt-get update
# apt-get upgrade
# <ctrl-d>

I appreciate there is a philosophical difference, but there is little
practical difference. To most users it is a matter of elevating one's
privileges in order to accomplish a task.

The most visible difference is that for sudo the user's password is
used, for su it's root's.

It's even quite common to add user's to the wheel group (in Debian they
use adm) and then remove the need to enter root's password when running
su. So, I wondered if there was a way to get su to ask for the calling
user's password, just like sudo does?

>su
>----
>su switches user. It creates a new shell process spawned from the one
>it is called from which is logged in as the requested user (if none is
>specified this is root).  When you su to another user you have to enter
>their password unless you are logged as root when you issue the command
>in which case you do not.  This is because of the heirarchy... root is
>the super-user, others do not have this privilege.

It is possible to configure pam in such a way that root has to give his
own password. It seems a little silly, but it's possible.

It is also possible to let members of specific groups run su without
entering a password.

>To set su up so that you entered your own password would completely
>negate the whole Linux/Unix security model. It would effectively mean
>that every user is a super-user and, as such, have the ability to do
>things that only root should.

It would? Why? Does that mean that sudo (in the configuration found in a
newly installed Ubuntu system) negates the Unix security model?
'sudo su -' gives the user a root login shell, and all he enters is his
own password!

I think it weakens the security of the system, but saying that it
negates the whole Unix security model is a bit too strong.

>sudo
>--------
>sudo runs a single command as the root user. In its "ubuntu"
>incarnation it has a lot of access to commands whereas in its purest
>incarnation it does not.
>
>Access to run commands as root using "sudo" is controlled by root...
>there is a file called /etc/sudoers which links commands to users.
>When using it at an Insurance company I was working at normal users had
>very few commands they could run... killing print jobs was one... but
>they certainly wouldn't have been able to get to a root shell using
>sudo.
>
>The values in /etc/sudoers are changed by root by issuing the command
>"visudo"... the Ubuntu setup as supplied by default basically gives the
>first user set up during install carte-blance to run anything as root.
>This is not really what sudo is designed for but is a novel way of
>giving folks the ability to administer every aspect of their Ubuntu
>install without ever having to go to a root shell.

You are missing the scenario. I am aware that sudo is powerful, and
extremely configurable. It's a brilliant tool to control access to
powerful commands. However, the scenario is a newly installed Ubuntu
system, i.e. there is one user that, supplying his own password, can run
every binary on the system as root 

/M

-- 
Magnus Therning                    (OpenPGP: 0xAB4DFBA4)
magnus at therning.org
http://therning.org/magnus

Software is not manufactured, it is something you write and publish.
Keep Europe free from software patents, we do not want censorship
by patent law on written works.

With PCs 1,000 times more powerful than they used to be, our
encryption keys can and should be 1,000 times bigger too. That means
cryptokeys of at least 56,000 bits.
      -- Seen on developer.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20050808/95e7f87c/attachment.sig>


More information about the ubuntu-users mailing list