Date: Thu, 03 Mar 2005 17:56:35 -0600 From: Paul Schmehl <pauls@utdallas.edu> To: Pietro Cerutti <pietro.cerutti@gmail.com> Cc: FreeBSD <freebsd-questions@freebsd.org> Subject: Re: sudo & su Message-ID: <5147B1385074A473CA31D750@utd49554.utdallas.edu> In-Reply-To: <e572718c05030314475384d7e3@mail.gmail.com> References: <e572718c05030313394a3bb5f0@mail.gmail.com> <2F1BC4E1DAFE0EE0733135BA@utd49554.utdallas.edu> <e572718c05030314475384d7e3@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--On Thursday, March 03, 2005 10:47:09 PM +0000 Pietro Cerutti <pietro.cerutti@gmail.com> wrote: > > There isn't any NOPASSWD, but if I give the password the first time, > sudo doesn't ask for it anymore in the next 5 min or so... > Answered by another poster - look at the timeout section of the man page. > > I think I really misunderstood the purpose of sudo. I thought that it > was used to automatically login as root, give a command, and log back > out to user who invoked the command. > So what's the purpose of asking for the password of the actually logged > in user? > With sudo you get *logging* of every command the person using sudo runs. You don't get that if they use su (except for root's .history file.) The purpose of sudo is to allow "normal" users to issue *certain* commands with root privileges *and* to track what they do for accountability purposes. (Who deleted /usr? (*&)(&@#(&@!!!) The timeout is to facilitate the use of the command without having to constantly type your password. Imagine having to type your password every time you issue a command. It would get irritating real quick. Paul Schmehl (pauls@utdallas.edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5147B1385074A473CA31D750>