Tomas Hajek <thajek@xxxxxxxxxxxxx> wrote: (BTW, I know that I'm breaking threads, don't complain to me, complain to Earthlink.) > >I have to disagree with "sudo su - is stupid." > Given all of the information in this thread and rethinking my position, I have to agree. You can block this if needed in the sudoers file. Thus a user with sudo privileges could (in theory) be denied the ability to run su. > >If it serves a purpose (as it does for me and others I work with) then I don't see it as being stupid. > >Can I use "su -", sure I can but then I have to remember roots password (do I know it yes, am I allowed to work as root, >yes) but I almost always start working as my regular user and it's far easier and quicker for me to do "sudo su -" (and >enter my password) then it is to use "su -" ( and try to hunt down the root password, we probably have hundreds of >different root passwords depending on which system it is and who admins it ). > One caveat: Your user account should have as strong or stronger password than root. Also, there are somethings in UNIXy systems that can only be done from console and as root (or let's put it this way, should be done.) I know of users that pick weak passwords and then wonder 'what happened' when they are rooted through that account. Best Security Practices at all times. These can be googled, so I won't go there (and to save folks tons of bandwidth.) > [rest deleted] Thank you Tomas for your insight. James McKenzie -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
