On Tue, 23 Apr 2002, Mike Holley wrote:
> I have seen a lot of talk about root lately. I have an other question on
> this subject. To install all the things I have been doing with fink I
> have been in root via "su root" command. Is that another way to do sudo,
> or is it actually root?
As used here, 'su' probably stands for 'switch user'. So for example my
script for launching PostgreSQL as the postgres user goes (abbrviating):
su - postgres -c 'sh -c "~/postmaster -D ~/data >> ~/logfile 2>&1 &"'
The details aren't important, suffice to say that the command in single
quotes is being issued under the postgres user, and not whoever happened
to issue the command (usually root, since it's a startup script).
Issued with no parameters, 'su' is assumed to mean 'su root', and it is
*not* the same thing as running under 'sudo'. See Chris Z.'s reply on this
for more detail, but basically sudo gives you fine-grained control over
what commands users are allowed to use, and it records a log of all
actions taken with sudo priviliges. This whole mechanism was invented
because raw 'su' didn't do any of this by itself.
> The reason I use su root instead of sudo is sudo never works. I try it
> with dselect, I get the message to respect privacy and to think before I
> type then it asks for the password. I enter it and I am brought back to
> the promt and it never launched dselect.
This should just happen the first time a user tries to use sudo. If you
repeat the command, do you get the same message? If so, something is
wrong. The output you should get should be more like this (lines where I
had to input something are ->marked, though the password isn't echoed):
-> % printf "\nThis is a sudo test.\n\n"
This is a sudo test.
-> % printf "\nThis is a sudo test.\n\n" >foo
-> % sudo cat foo
-> Password:
This is a sudo test.
-> % sudo cat foo
This is a sudo test.
%
The first time a user uses sudo, there is that message. After that, every
time sudo is issued the password is requested, and you get to make as much
use of sudo priviliges as you want for the next five minutes; it won't ask
you again until that window of time expires.
> When my bro was helping me set up my system he enabled root, and
> made it's password as the same as admin. I know I am typing the
> right password.
I think you probably aren't. The whole reason the sudo system exists is
that regular users *don't need to know the real root password*. It is a
way to delegate authority to non-priviliged users, and creating an audit
trail of what those users do with their priviliges.
For example say you have a web admin who has an account on your machine,
roger. You can edit the sudoers file to grant roger access to apachectl,
but nothing else. All Roger has to do is issue his own password & he can
start & stop Apache. He doesn't need to know the system administrator's
password, because he doesn't have permission to do anything else on the
system except for manage the service that is his administrative area.
Likewise your database user can have access to mysql commands but nothing
related to Apache, and regular web designers don't need access to either
of these things because all they have to do is create documents.
--
Chris Devers [EMAIL PROTECTED]
Apache / mod_perl / http://homepage.mac.com/chdevers/resume/
"More war soon. You know how it is." -- mnftiu.cc
_______________________________________________
Fink-beginners mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/fink-beginners
