No subject


Thu Apr 13 15:25:37 EDT 2006


----
A related command called sudo executes a command as another user but
observes a set of constraints about which users can execute which
commands as which other users (generally in a configuration file named
/etc/sudoers). Unlike su, sudo authenticates users against their own
password rather than that of the target user (to allow the delegation
of specific commands to specific users on specific hosts without
sharing passwords among them and while mitigating the risk of any
unattended terminals).

Great care must be taken by a system administrator to choose a
suitable password for the root account, to prevent any possible
takeover by a low level user running su. Some Unix-like systems have a
wheel group of users, and only allow these users to su to root. This
may or may not mitigate these security concerns, since an intruder
might first simply break into one of those accounts. GNU su, however,
does not support a wheel group; this was done for philosophical
reasons. [1]
----

Enough said.

--tim


More information about the grlug mailing list