Dave Yearke yearke at
Thu May 26 08:28:50 EDT 2005

>Sudo is cool because it allows users to execute
>commands as root without giving away the root password. The users
>allowed to use this and the commands they execute are adjustable so not
>everyone can use it and not all commands are available.

The other great thing about sudo is that it logs every invocation, which is not 
only useful for security reasons, but has also saved my hide on occasion when I 
realize a system is doing something strange and need to figure out what's been 
done to it recently. I have a terrible memory, and the sudo log can help me 
remember that I, or some other admin, changed a config file or started some new 
daemon or something like that. We strongly discourage su in favor of sudo for 
that reason alone.

The only downside is that it opens up multiple points of vulnerability for the 
root password. If you think about it, on a normal system the root account 
password is a single point of vulnerability. On a system with sudo, the password 
of anyone with full sudo permission is now a vulnerability, because it's easy to 
do "sudo su -" and have carte-blanche root access. Another reason why admins, 
more than anyone else, need to use strong passwords.

All in all, though, sudo rocks. :-)

                      Dave Yearke, yearke at
                      "Remember, you may have to grow old,
                       but you don't have to mature". -- Red Green 

More information about the nflug mailing list