[OT] sudo, why not su?

Mon Aug 8 04:16:22 UTC 2005

On Sun, 2005-08-07 at 23:57 -0400, MrKnisely wrote:
> Magnus Therning wrote:
> 
> >On Sun, Aug 07, 2005 at 11:18:14AM -0400, MrKnisely wrote:
> >  
> >
> >>Perhaps it is important to remember that althoug you can do the same
> >>tasks with two commands, they are not meant to be replacements for one
> >>another.  Per man:
> >>
> >>su - Change user ID or become super-user
> >>
> >>sudo - execute a command as another user
> >>
> >>Note that with su you are becoming that other user.  Most of us are
> >>familiar with becoming root, since we often run single user machines
> >>and need to run a few commands as root; however, in a multi-user
> >>enfiroment I've used su to become useres to test secutity I've put in
> >>place.  Now, lets take this a step further.  Is it a good idea for
> >>user1 to become user2?  No, user1 shoud only be able to become user2 if
> >>user1 is also able to become root, since root could do this anyway.
> >>This is why su requires root's password. Sudo, on the other hand, is
> >>just to allow a user to run a program with the elevated privlage of
> >>root.
> >>    
> >>
> >
> >Yes, so that would explain, on a philosophical level, why 'sudo' is used
> >instead of 'su'. It also explains why 'sudo' asks for the user's
> >password, and 'su' for root's. It's a really good point.
> >
> >  
> >
> >>Now, there is a way around this.  "sudo su"  Again, I don't recommend
> >>this, but it works.
> >>    
> >>
> >
> >Another good point. So there is a little bit of a crack, but since
> >'sudo' can be extensively configured it can probably be closed up.
> >
> >  
> >
> >>Perhaps an alias for su to this command is what you want.
> >>    
> >>
> >
> >No! That is not at all what I'm looking for. All I ever wanted to know
> >was if 'su' can, in some way, be set up, probably using pam, in such a
> >way that it doesn't ask for root's password, but rather asks for the
> >user's password. That's all, nothing more, nothing less.
> >
> >I'm perfectly happy typing 'sudo' for all my "root tasks". I haven't
> >been missing 'su' at all since switching from Debian to Ubuntu. I was
> >just interested in finding out whether su+pam would be a replacement for
> >'sudo' for the scenario where:
> > 
> > - there is only one user on a machine
> > - there is no root password
> >
> >I.e. basically the situation of a newly installed Ubuntu machine.
> >
> >/M
> >
> >  
> >
> Hmmm... One other suggestion.  I believe that you could do this is you 
> edited your /etc/passwd file and gave yourself the uid of 0.  Then, it 
> would work... I think.

Right you are..

Computer works with #..

Just like the web address..  We really don't work with www.goodsite.com
we use   some hex # in the form      aa.bb.cc.dd

Good luck

Vram..