On 05/11/2019 04.43, David T-G wrote:
Carlos, Patrick, Dave, et al --
...and then Dave Howorth said... % % On Fri, 1 Nov 2019 20:43:49 -0400 % Patrick Shanahan <paka@opensuse.org> wrote: % % > * Carlos E. R. <robin.listas@telefonica.net> [11-01-19 17:31]: ... % > > We do "su - test", leave out the sudo. This is not Ubuntu. % > >
What's with Ubuntu? I was using sudo on SunOS back in the early 90s. It's worlds ahead of basic su.
Not the Ubuntu way :-)
... % > agreed. I seldom utilize sudo, preferring "su - <someuser> and the % > dash following su provides the environment from <someuser>
Why would you prefer su when you could just
sudo -i -u <someuser>
to start a login (-i) shell more securely?
Why wold it be more secure?
% ... % The reason being that sudo just grants authority for the one command % that follows it. Using su - starts an open root session, and using su - % test afterwards doesn't close it. The root session is still there and
So would
sudo -i sudo -iu root
and more securely.
In addition to providing granular control of what a user may & may not do and logging all activity and not revealing the root password,
Ah! But you see, the way sudo is configured in those machines (ie, not configured at all), the user using sudo can do absolutely everything, he is not restricted at all. And about not revealing the root password, remember that the users we are talking about are also the administrators of the machine and the owners of the machine, so of course they know the root password. In fact, in openSUSE, the password you type when using sudo is the root password.
sudo is simply more secure because instead of having to execute a command as root
sudo su - <user>
one simply executes a command in your context
sudo -iu <user>
to become that account (if allowed, of course). Even if you know the root password, you shouldn't be using it on a daily basis, using instead sudo to gain those privileges when & as needed.
Why? -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)