On 17 Aug 10:55, Ted Harding wrote:
I've been quietly watching this one, with slight puzzlement! If I'm logged in as (say) "ted", and in that login I do
su -
and at the prompt enter the root password, then I'm fully logged in as "root", environment and all. Ctrl+D to log out, of course, and back to being "ted".
Similar of course to switch to any other user, e.g. "guest":
su - guest
So what's all the fuss about?
OK - *unless* you've spent time messing with the pam config for su, that requires you to have the password for the user that you're becoming; on multiuser systems you haven't necessarily got that password, and that's where sudo comes in. sudo *can* be configured to ask for the target user's password, or for the current user's password. Also, it tends to cache that it's authenticated and the user is allowed to do things, and so after the first sudo, until the timeout, the user can just run sudo again without having to type a password at all.
My main complaint was the mix of sudo *and* su, which is a horrible hack that is not required as sudo has a lovely -i option.
Hope that clears it up a bit...
(in other news, it *is* fairly simple to make it so that su will happily let anyone in the root group su without a password; in fact, on a Debian install, if you look at /etc/pam.d/su you'll see the (by default disabled) lines to do that. There are also many other things that you can do with PAM... but as always, when it comes to auth, be very very careful!)
Cheers,
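
The following is an added example, not part of the original message: a small shell audit of the settings discussed above, reporting whose password sudo asks for, how long the authentication is cached, and whether su has an active `pam_wheel.so trust` line. The sudoers options `targetpw`, `rootpw`, `runaspw` and `timestamp_timeout` are real; the function names and sample files are constructed for illustration, and only global `Defaults` lines are parsed.

```shell
#!/bin/sh
# Added example: which password does sudo ask for, how long is it cached,
# and does su trust pam_wheel members? Only global "Defaults" lines are read.

audit_sudoers() {   # $1 = file in sudoers format
    awk '
        /^[ \t]*Defaults[ \t]/ {
            sub(/^[ \t]*Defaults[ \t]+/, ""); sub(/[ \t]+$/, "")
            n = split($0, opt, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                on = !sub(/^!/, "", opt[i])      # "!flag" switches a flag off
                if (opt[i] ~ /^(rootpw|runaspw|targetpw)$/) flag[opt[i]] = on
                if (opt[i] ~ /^timestamp_timeout[ \t]*=/) {
                    sub(/^[^=]*=[ \t]*/, "", opt[i]); cache = opt[i]
                }
            }
        }
        END {
            who = "invoking-user"                # sudo default: your own password
            if (flag["targetpw"]) who = "target-user"
            if (flag["runaspw"])  who = "runas-default-user"
            if (flag["rootpw"])   who = "root"
            # timestamp_timeout is in minutes; 0 means prompt every time
            print "password=" who " cache_minutes=" (cache == "" ? "default" : cache)
        }' "$1"
}

su_wheel_trust() {  # $1 = PAM config for su; succeeds if an active trust line exists
    grep -Eq '^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+pam_wheel\.so[[:space:]]+(.*[[:space:]])?trust([[:space:]]|$)' "$1"
}

# Constructed sample files (not taken from a real system)
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/sudoers" <<'EOF'
Defaults env_reset, targetpw
Defaults timestamp_timeout=0
%admin ALL=(ALL) ALL
EOF
cat > "$SAMPLE_DIR/su" <<'EOF'
# auth       sufficient pam_wheel.so trust
auth       required   pam_unix.so
EOF

audit_sudoers "$SAMPLE_DIR/sudoers"
if su_wheel_trust "$SAMPLE_DIR/su"; then
    echo "su: trusted group members need no password"
else
    echo "su: password required"
fi
```

On a real system the functions would be pointed at `/etc/sudoers` (readable only by root) and `/etc/pam.d/su`.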