The Wanderer (2018-08-07): > "su OPTIONAL_USERNAME -c 'YOUR_COMMAND'"
The superiority of sudu over su in this particular case is that it does not require an extra level of quoting. > But it's more secure to require a second password to do elevated things > than to permit doing those things with the same password as is used for > ordinary activities. That not necessarily true. A second password used for rare cases often means a password on a post-it under the keyboard. > Not usually; this is a desktop machine, not a server. Most logins are > done from a position of physical access. > > Also, part of my entire point is that the "let users type their password > to confirm authorization to do elevated things" approach means that > anyone who learns the user's password can *both* log in as the user > *and* do those elevated things, which is clearly less secure than if > that just made it possible to log in as that user. Anyone who learns the user's password can obtain the second password pretty easily. Also, remember that what is really precious is access to user accounts. Root access is only a means to access any user's account. On a single-user machine, it is one and the same. Regards, -- Nicolas George
signature.asc
Description: Digital signature
