From owner-freebsd-questions@FreeBSD.ORG  Thu Mar  3 23:56:36 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C0CF716A4CE
	for <freebsd-questions@freebsd.org>;
	Thu,  3 Mar 2005 23:56:36 +0000 (GMT)
Received: from smtp1.utdallas.edu (smtp1.utdallas.edu [129.110.10.12])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 85D0443D2F
	for <freebsd-questions@freebsd.org>;
	Thu,  3 Mar 2005 23:56:36 +0000 (GMT)
	(envelope-from pauls@utdallas.edu)
Received: from utd49554 (utd49554.utdallas.edu [129.110.3.85])
	by smtp1.utdallas.edu (Postfix) with ESMTP id 33562388DC9;
	Thu,  3 Mar 2005 17:56:36 -0600 (CST)
Date: Thu, 03 Mar 2005 17:56:35 -0600
From: Paul Schmehl <pauls@utdallas.edu>
To: Pietro Cerutti <pietro.cerutti@gmail.com>
Message-ID: <5147B1385074A473CA31D750@utd49554.utdallas.edu>
In-Reply-To: <e572718c05030314475384d7e3@mail.gmail.com>
References: <e572718c05030313394a3bb5f0@mail.gmail.com>	
 <2F1BC4E1DAFE0EE0733135BA@utd49554.utdallas.edu>
 <e572718c05030314475384d7e3@mail.gmail.com>
X-Mailer: Mulberry/3.1.6 (Linux/x86)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
cc: FreeBSD <freebsd-questions@freebsd.org>
Subject: Re: sudo & su
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Paul Schmehl <pauls@utdallas.edu>
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Mar 2005 23:56:36 -0000

--On Thursday, March 03, 2005 10:47:09 PM +0000 Pietro Cerutti 
<pietro.cerutti@gmail.com> wrote:
>
> There isn't any NOPASSWD, but if I give the password the first time,
> sudo doesn't ask for it anymore in the next 5 min or so...
>
Answered by another poster - look at the timeout section of the man page.
>
> I think I really misunderstood the purpose of sudo. I thought that it
> was used to automatically login as root, give a command, and log back
> out to user who invoked the command.
> So what's the purpose of asking for the password of the actually logged
> in user?
>
With sudo you get *logging* of every command the person using sudo runs. 
You don't get that if they use su (except for root's .history file.)

The purpose of sudo is to allow "normal" users to issue *certain* commands 
with root privileges *and* to track what they do for accountability 
purposes.  (Who deleted /usr? (*&)(&@#(&@!!!)

The timeout is to facilitate the use of the command without having to 
constantly type your password.  Imagine having to type your password every 
time you issue a command.  It would get irritating real quick.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu