> -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx > [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of mark > Sent: Monday, June 22, 2009 2:28 PM > To: General Red Hat Linux discussion list > Subject: Re: SUDO > > Hike wrote: > > Why? > > > > If the user knows the root password, there is no need. > > Ok, let me explain further. We're not talking home systems, > we're talking > corporate. And no, *not* everyone knows the root password. > In fact, using sudo > su - means they do not have to know it. Even in a corporate setting there is no need to set up "sudo su -" or "sudo su - root". You set up sudo to allow "sudo bash" to be run as the appropriate user (root or otherwise). > > If sudo is cofigured correctly, there is no need to "su - > root" since > > the user can already run the needed commands. > > That depends. Some users - presumably admins - can be > configured to allowed to > run only certain commands. Others may need less limited use, > and it can be a > lot easier if they can get to root; for example, when I'm > going to look at > logs, and only root can read them, or even look in some > directories under > /var/log, it's a *real* pain to sudo view every single log. Yes. If you only need read access, you configure selinux to allow it or you configure sudo to allow you to "more /var/log/*" (or less if that's your preference). If you actually need shell access, you allow "sudo <shell>". --Maarten -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
