On Tue, 23 Apr 2002, Mike Holley wrote: > I have seen a lot of talk about root lately. I have an other question on > this subject. To install all the things I have been doing with fink I > have been in root via "su root" command. Is that another way to do sudo, > or is it actually root?
As used here, 'su' probably stands for 'switch user'. So for example my script for launching PostgreSQL as the postgres user goes (abbrviating): su - postgres -c 'sh -c "~/postmaster -D ~/data >> ~/logfile 2>&1 &"' The details aren't important, suffice to say that the command in single quotes is being issued under the postgres user, and not whoever happened to issue the command (usually root, since it's a startup script). Issued with no parameters, 'su' is assumed to mean 'su root', and it is *not* the same thing as running under 'sudo'. See Chris Z.'s reply on this for more detail, but basically sudo gives you fine-grained control over what commands users are allowed to use, and it records a log of all actions taken with sudo priviliges. This whole mechanism was invented because raw 'su' didn't do any of this by itself. > The reason I use su root instead of sudo is sudo never works. I try it > with dselect, I get the message to respect privacy and to think before I > type then it asks for the password. I enter it and I am brought back to > the promt and it never launched dselect. This should just happen the first time a user tries to use sudo. If you repeat the command, do you get the same message? If so, something is wrong. The output you should get should be more like this (lines where I had to input something are ->marked, though the password isn't echoed): -> % printf "\nThis is a sudo test.\n\n" This is a sudo test. -> % printf "\nThis is a sudo test.\n\n" >foo -> % sudo cat foo -> Password: This is a sudo test. -> % sudo cat foo This is a sudo test. % The first time a user uses sudo, there is that message. After that, every time sudo is issued the password is requested, and you get to make as much use of sudo priviliges as you want for the next five minutes; it won't ask you again until that window of time expires. > When my bro was helping me set up my system he enabled root, and > made it's password as the same as admin. I know I am typing the > right password. I think you probably aren't. The whole reason the sudo system exists is that regular users *don't need to know the real root password*. It is a way to delegate authority to non-priviliged users, and creating an audit trail of what those users do with their priviliges. For example say you have a web admin who has an account on your machine, roger. You can edit the sudoers file to grant roger access to apachectl, but nothing else. All Roger has to do is issue his own password & he can start & stop Apache. He doesn't need to know the system administrator's password, because he doesn't have permission to do anything else on the system except for manage the service that is his administrative area. Likewise your database user can have access to mysql commands but nothing related to Apache, and regular web designers don't need access to either of these things because all they have to do is create documents. -- Chris Devers [EMAIL PROTECTED] Apache / mod_perl / http://homepage.mac.com/chdevers/resume/ "More war soon. You know how it is." -- mnftiu.cc _______________________________________________ Fink-beginners mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-beginners