On Tuesday 17 November 2009 16:06:50 PaulNM wrote: > Preston Boyington wrote: > > I don't know of any reason to use both 'su' and 'sudo' in a command. > > either you would 'su' to root or you would 'sudo' to run a singular > > command. > > > > 'su' is to change into superuser (root) until you exit. > > 'sudo' is to temporarily be superuser until the command is completed.
(sudo -s) OR (sudo -i) can be used to get a shell as root using sudo.
(su -c "$command") can be used to run a single command using su.
I've seen the use-sudo-to-run-su pattern fed to some users for a way to use su
even when the root account is locked/disabled.
> > To use 'sudo' to run a command just type 'sudo <command>' and as long as
> > you have the user in the 'sudo' group ('adduser user sudo' as root) that
> > user will be able to run said command when they log back in.
>
> Sudo only needs the user password, not root's, along with an entry in
> sudoers.
sudo can use the password of the user running sudo, or the password of the
user the command is being run as, depending on the contents of /etc/sudoers
(and the command being run and host it is being run on etc.).
sudo gives the administrator more fined-grained control and flexibility than
shared passwords (commonly used with su). Properly configured it is more
secure than su. Caveat emptor: improperly configured it can eliminate all
semblance of security.
> Ubuntu is infamous for this kind of setup.
Well before Ubuntu was doing it as part of installation, I used a very similar
setup on my Gentoo system. Having switched to Debian (plus openSUSE for my
proprietary work VPN), I continue to use sudo and have my root account
locked/disabled; I doubt su even works on the 3 of the 4 systems I
administrate.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b...@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/
signature.asc
Description: This is a digitally signed message part.
