su: blacklist users

Dominic Lepiane archangel
Fri May 26 10:29:24 PDT 2006


On May 25, 2006 09:04 pm, Man-wai CHANG wrote:
> > So far as I know, the best way to control access to who has access to
> > super-user privileges is with "sudo".  My understanding is that's what sudo
> > is for.
>
> sudo is no replacement for su. It's not convenient if you have lots of
> commands to run.

$ sudo su
# uname
# cd
# ls
# ^D
$

?

Do not be under the misapprehension that sudo limits the commands a user can 
run as the super-user.  It grants super-user access.  That's what it does and 
that's what it's good for.  It allows an administrator to specify who gets to 
authenticate as super-user (like the pam_wheel module mentioned before) 
without sharing the root password and logs a tidy record of which user 
account took root access (which is nicer than su, but still similar).

So pick one, pam_wheel or sudo.  Clearly, I'm a big fan of sudo ;)

-- 
Dominic Lepiane

"Payday came and with it beer."
 --  Rudyard Kipling

  .o.
  ..o
  ooo
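
Added example, not part of the original message: a short Python script that reads sudo's syslog records to report which account took root access, and flags the "sudo su" case from the session above, where sudo logs only the shell start and not the commands typed inside it. It assumes sudo's default syslog line format; the log lines, host name and user names are constructed.

```python
import os
import re

# sudo's default syslog record (assumed format):
#   sudo: <user> : [<error> ; ]TTY=... ; PWD=... ; USER=... ; COMMAND=...
SUDO_RE = re.compile(
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : "
    r"(?:(?P<error>[^;=]+?) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.*?) ; "
    r"USER=(?P<runas>\S+) ; COMMAND=(?P<command>.*)$"
)

# Programs that hand over an interactive root shell; once one starts,
# sudo writes no further per-command records for that session.
SHELLS = {"su", "sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh"}

# Constructed sample input.
SAMPLE = """\
May 26 10:29:24 host1 sudo:  dominic : TTY=pts/0 ; PWD=/home/dominic ; USER=root ; COMMAND=/bin/su
May 26 10:31:02 host1 sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/tail /var/log/messages
May 26 10:32:40 host1 sudo:  mallory : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/mallory ; USER=root ; COMMAND=/bin/su
May 26 10:33:00 host1 sshd[812]: Accepted publickey for alice from 192.0.2.10
""".splitlines()


def classify(line):
    """Return (user, kind, command) for a sudo record, or None for other lines."""
    m = SUDO_RE.search(line)
    if m is None:
        return None
    parts = m["command"].split()
    argv0 = os.path.basename(parts[0]) if parts else ""
    if m["error"]:
        kind = "denied"        # sudo refused the request (not in sudoers, bad password)
    elif m["runas"] == "root" and argv0 in SHELLS:
        kind = "root-shell"    # full root shell: later commands are not logged by sudo
    else:
        kind = "command"       # a single command, fully recorded in this line
    return (m["user"], kind, m["command"])


def root_access(lines):
    """Collect every sudo record found in an iterable of syslog lines."""
    return [rec for rec in map(classify, lines) if rec is not None]


if __name__ == "__main__":
    for user, kind, command in root_access(SAMPLE):
        print(f"{user:10} {kind:11} {command}")
```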