From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from gate.ufw2.com([216.163.19.158]) (2834 bytes) by braille.uwo.ca via smail with P:esmtp/D:aliases/T:pipe (sender: ) id for ; Sat, 21 Oct 2000 14:50:00 -0400 (EDT) (Smail-3.2.0.102 1998-Aug-2 #2 built 1999-Sep-5) Received: from [216.163.21.20] by gate.ufw2.com for speakup@braille.uwo.ca id NAA07165; Sat Oct 21 13:47:19 2000 Received: from hardb ([216.163.21.59]) by mail.ufw2.com (Build 101 8.9.3/NT-8.9.3) with SMTP id NAA01334 for ; Sat, 21 Oct 2000 13:47:51 -0500 Message-Id: <3.0.6.32.20001021134742.007c87d0@mail.ufw2.com> X-Sender: bharding@mail.ufw2.com X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32) Date: Sat, 21 Oct 2000 13:47:42 -0500 Subject: Re: Root access (was RE: which prebuilt linux boxes seem to work best?) In-Reply-To: References: <3.0.6.32.20001020210316.007c4b40@mail.ufw2.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: speakup@braille.uwo.ca From: Brent Harding List-Id: It would be neat if there was a howto on it that was easy to understand. How does sudo deal with system files the user can edit? I wonder if this guy I was hearing it from really did develop his own way to make more users root than just one without the password. My impression of sudo is that the root commands a user can use need to be specified somewhere, but if I need to edit a config file, to set up virtual hosts, and have permission to edit what I need to, I'm not sure how this gets implemented. Changing all the permissions will mess up as programs sometimes check, and adding an extra 7 and changing group owner to admins for say might not work. At 04:31 PM 10/21/00 +1100, you wrote: >Hi Brent: > >There can only be one root user. Having said that, you can either use sudo >or su to gain access as root. If I were a sysadmin, I'd probably implement >sudo rather than allow access to su. Why? Because su is used for people >to become root. It's just the same as logging in as root except it gets >around the /etc/securetty permissions. In other words, anyone from any >location can become super user using su if they first login as their user >account. Su expects root's password in order to become super user, which >means that a sysadmin has to give out root's password to anyone they want >to use su. Sudo however authenticates with the user's password, and the >sysadmin controls who has access to it. If someone is abusing it, they can >take away their access and there's nothing the user can do about it. In my >opinion, this is much safer. Which means I really should go learn how to >administer it. > >Geoff. > > >-- >Geoff Shang >ICQ number 43634701 > > >_______________________________________________ >Speakup mailing list >Speakup@braille.uwo.ca >http://speech.braille.uwo.ca/mailman/listinfo/speakup > > >