On 14/12/11 21:21, Sean Conner wrote:
[3] Sudo was to allow non-root users to do root-like
things, but *not*
to run a @#$@ shell, or else, why not just give the users root
access? I mean---hello! Am I missing something?
It makes it easier to administer the 'right to run commands as root'
privilege:
* If all you have is 'su', you have to give the root password to
everyone who needs to run commands as root. If that password changes,
you now need to give it to all the other admins / root users.
* If the root password is compromised, you have to change it... and give
the new one out again.
* The user doesn't need to remember two passwords (their logon password
and the root password). Convenience factor.
* If a user only needs to run one command as root (say, mksquashfs) then
you add that to 'sudoers' as an explicit-allow rule.
--
Phil.
classiccmp at philpem.me.uk
http://www.philpem.me.uk/