* Claudio Freire <klaussfreire@gmail.com> [2013-03-25 16:12]:
On Mon, Mar 25, 2013 at 8:36 AM, Peter Hanisch <veniastra@gmail.com> wrote:
On 25/03/13 00:33, Claudio Freire wrote:
On Sun, Mar 24, 2013 at 7:55 PM, Rajko <rmatov101@charter.net> wrote:
TBH I've always considered "sudo su" rather common and standard.
That could be the case in some other distro, but within openSUSE you will find often recommendations to use 'su' and 'su -' and not 'sudo'. Details are buried in the discussions stored in mail list archives, but I would recall if there was any significant chatter about changes regarding this.
Well, I'd consider any recommendation to not use sudo entirely rather ill-suited for most applications where sudo is desired.
Ie: when you want to give sudo powers to users without giving them the root password. Which I'd consider an important use case.
I thought the recommendation was against the specific "sudo su" idiom.
One of the reasons why sudo is also encouraged is logging. On a shared computer, it is relatively trivial to log every command executed via sudo and then aggregate that information via e.g. logwatch or logcheck or any number of monitoring solutions. For this reason, it might be advisable to actually specifically disallow sudo su, since that circumvents said measures, basically using sudo once to gain a root shell, in which you can go crazy.
Yes, but sometimes it is necessary. For instance, when piping.
sudo blabla | grep bleh > /etc/somefile
won't work, because the redirect happens in an unprivileged bash. And doing sudo bash -c 'all here' is a mess of string quoting that never comes out right.
sudo blabla | grep bleh | sudo tee /etc/somefile >/dev/null is a well-known idiom for addressing this (and other redirections requiring root privileges). -- Guido Berhoerster -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org