Re: PAM Recipe to Authenticate on Either the User's Password or Root's Password

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2006-05-15 at 10:31, Schlaegel wrote:

> > > > It's more program philosophy than a social issue.  When you
> > > > disagree with the author about what the program is supposed
> > > > to do, the source code is the place to start.
> > >
> > > I don't get your meaning. I want to use `sudo` for the purpose it was
> > > written, to execute a command as another user.
> >
> > That's really the purpose of 'su'.  Sudo exists for the case where
> > you don't know the other user's password.  None of the limitations
> > that sudo provides mean much if the user executing it has the
> > option of using su directly or simply logging in as the other
> > user.
> 
> This is the kind of debate I was hoping to avoid, as I think it scares
> away possible solutions.
> 
> The way I see it, there are two camps with views on `su` and `sudo`.
> One camp thinks `su` should be used for system administration and that
> `sudo` should be used by less trusted users or avoided altogether. The
> other camp thinks `su` should be avoided by everyone and that even
> administrators who know the root password should opt to use `sudo`.

I'd add a third camp who thinks that people who can't keep the
passwords straight shouldn't use it at all...  Or that someone
else should very carefully set up passwordless access to the things
they are allowed to do.

> I don't want to argue over who is right, though if you want to debate
> `su` verses `sudo` you can start another thread. My desire is merely
> for a technical answer.

It would take a change to sudo to make it check passwords for
two different users and permit the access either way.  Probably
not a big change since it already knows how to do each separately.

-- 
  Les Mikesell
   lesmikesell@xxxxxxxxx


-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux