Most corporate environments are required to disable su entirely due to SOX and PCI requirements to audit every action on the server to a particular user (eliminating user switching as a permissible action). Some companies are even going to the extreme of disabling workaround tricks like sudo bash as well (I think reasonably policy is enough to prevent such usage). It's pretty easy to disable direct root login in RH type servers, and as I noted (and you use in Ubuntu), 'sudo su -' works the same without requiring the system to have an enabled root password.
On 07/06/2011 11:50 PM, Phillip Waclawski wrote: > I use su with my students all the time (true, on my ubuntu machine I use sudo > su) but for redhat based servers (such as CentOS) su is still the main way to > switch to "root". > Phil Waclawski > > ----- Original Message ----- > > From: "Joseph Sinclair" <plug-discuss...@stcaz.net> > To: "Main PLUG discussion list" <plug-discuss@lists.plug.phoenix.az.us> > Sent: Wednesday, July 6, 2011 7:40:55 PM > Subject: Re: RFC - Linux Command Cheatsheet > > Just a few errata and suggestions: > dpkg -[r,P] argument is package-name, not pkg.deb (you specify the package > name, not the deb file for those operations) > apt-get upgrade will only update packages that do not require any other > package to install/uninstall. apt-get dist-upgrade upgrades all packages. > apt-get purge package-name will purge a package without the clumsy --purge > syntax. > I would change the su - to sudo su -, since most distros no longer have the > root password enabled, and you don't want to encourage your students to do > that. > I would drop su -c command, sudo serves that purpose. Add sudo -u username > command to run a command as a specific user in it's place. > I'm not sure if you can squeeze it in, but lsattr will list extended > attributes, which is helpful when you encounter things like files even root > cannot modify. The corresponding chattr changes extended attributes, of > course, but that may not be a good command to mention due to it's higher > risk. > I would put kill and killall in red, especially since killall will do partial > match (try "sudo killall -9 in" for some system-killing fun sometime) and > actually matches on regex. > It might be a very good idea to add "-i" to killall, so the new user has a > slightly higher margin of safety for a mistyped command name. > for "program &" you might want to put "program" in italics to make it clear > it's not a literal command. > The 6 tar lines seem a little overkill. Perhaps it would work better with > fewer repeated lines coupled with a recommendation to check the manual for > the complex commands (like tar, rsync, ip, grep, etc...) that have several > common use patterns and really need more room than you have. > > You might also save some space by removing reboot and halt (which are > actually the same program, much like egrep/fgrep/grep) in favor of shutdown > [-r, -h] (which is generally preferred anyway) > > > On 07/06/2011 10:20 AM, Dennis Kibbe wrote: >> I've updated the Linux Command cheatsheet I use for my classes at MCC >> and would appreciate any comments or corrections before I send it off to >> the Copy Center. >> >> https://s3.amazonaws.com/moodle_data/Linux+Commands.odt >> https://s3.amazonaws.com/moodle_data/Linux+Commands.pdf >> >> It's licensed Attribution-ShareAlike 3.0 United States license, >> available at http://creativecommons.org/licenses/by-sa/3.0/us/. >> >> FYI: Creative Commons has a very easy to use plugin for LibreOffice that >> allows you to assign a Creative Commons license to your documents and >> insert a license statement automatically. >> >> http://labs.creativecommons.org/2010/12/08/libreoffice-and-cc-openoffice-plugin/ >> >> >> Moodle 3 also includes support for Create Commons licenses. (Aside >> der.hans: Moodle 3 ist super, besser als 2 in jeder Hinsicht!) >> >> Remember when you create something it's copyrighted All Rights Reserved >> (der.hans: Alle Rechte vorbehalten) by default, so if you want to share >> your work you need to license it. >> >> Dennis Kibbe > > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
signature.asc
Description: OpenPGP digital signature
--------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
