su

[Advent Systems]

Thanks guys.
Bob Randal

Dave Yearke wrote:

>>Sudo is cool because it allows users to execute
>>commands as root without giving away the root password. The users
>>allowed to use this and the commands they execute are adjustable so not
>>everyone can use it and not all commands are available.
>>    
>>
>
>The other great thing about sudo is that it logs every invocation, which is not 
>only useful for security reasons, but has also saved my hide on occasion when I 
>realize a system is doing something strange and need to figure out what's been 
>done to it recently. I have a terrible memory, and the sudo log can help me 
>remember that I, or some other admin, changed a config file or started some new 
>daemon or something like that. We strongly discourage su in favor of sudo for 
>that reason alone.
>
>The only downside is that it opens up multiple points of vulnerability for the 
>root password. If you think about it, on a normal system the root account 
>password is a single point of vulnerability. On a system with sudo, the password 
>of anyone with full sudo permission is now a vulnerability, because it's easy to 
>do "sudo su -" and have carte-blanche root access. Another reason why admins, 
>more than anyone else, need to use strong passwords.
>
>All in all, though, sudo rocks. :-)
>
>  
>