Subject: Re: [email@example.com: [Global InterSec 2002041701] Sudo Password Prompt Vulnerability.]
To: Jan Schaumann <firstname.lastname@example.org>
From: Thor Lancelot Simon <email@example.com>
Date: 04/26/2002 07:46:51
On Thu, Apr 25, 2002 at 09:21:57PM -0400, Jan Schaumann wrote:
> firstname.lastname@example.org wrote:
> > I'm curious as to why so many publications these days tell users to
> > use sudo rather then su.
> A few weeks ago, there was a somewhat lengthy but informative thread on
> sage-members regarding su/sudo practices. I've not yet determined how
> to access the ML's archive (if it exists), otherwise I could probably
> give you better examples.
> Anyway, I think the main reason sudo is popular is that it prevents
> people from running around as root. Sure, many of you guys may be
So what? su -c can do that, without the complexity of sudo and without
the false sense of security. If you want to let a user run one
particular binary as root, copy it and use group permissions (or ACLs
if your chosen Unix allows that; sadly NetBSD does not).
Sudo is both extraneous and dangerous. When I find that I'm running
a system that relies on sudo in some way, one of the first things I do is
remove it. And I've got to say that after about 15 years running Unix
systems, I am never particularly impressed with advice or discussion
from the SAGE types; that they'd advocate using sudo does little to change
that perception on my part.