On 8/18/05, Stuart Henderson <[EMAIL PROTECTED]> wrote: [snip] > > 2. Alot of you seem to use sudo instead of su - when you want to do > > something that requires privileges. Why is this? What settings are > > you using for sudo? > > Various reasons .. if you use sudo on each command you want to execute > as root, you get a useful audit trail in the system log (or by mail, if > wanted). (if you sudo -s, or use sudo to run a shell, this bypasses > it). Also you can control which commands can be run by which users. You > can have it ask for the (user's) password every time, or you can have > it ask no more than every XX minutes. See sudoers(5) for more options.
Using sudo is a good habit to get into, because when/if you admin multi-user systems, it allows you to grant fine-grained privileges to users without having to give anyone root's password. Even on single-user systems, it allows you to perform certain (very specific) actions as root (e.g. mount/umount on removeable storage from gkrellm) without being prompted for a password. As Stuart noted, you also get an audit trail, and if you're using sudosh (which, last I checked, runs on most modern UNIX-like systems except BSD - doh), you get complete record/playback functionality, with timing, for everything typed during a session. See http://sf.net/projects/sudosh/ for more. I have heard rumors that work is underway to merge sudosh functionality into sudo, but Todd Miller (or the sudo mailing list) would be the one to ask about that. -- [EMAIL PROTECTED],darkuncle.net} || 0x5537F527 encrypted email to the latter address please http://darkuncle.net/pubkey.asc for public key
