[sudo-users] Sudo su - question

Justin Alcorn justin at jalcorn.net
Tue Sep 6 09:33:04 EDT 2011

Sudo does more than grant you access to root functions.  It also logs
all commands for auditing.

Any time you 'sudo su - ', every command after that isn't logged.
It's like the 18 minutes of blank tape from Nixon's office.  He says
he didn't say anything important, but nobody KNOWS.

I tell people EVEN if you are root, prepend every command with 'sudo'.
 That way everything is logged.
Justin B. Alcorn
The views expressed here are not necessarily my own, much less anyone else's.
PGP Fingerprint A36D D691 C5B0 BE15 5A2A AF49 AA1C 372C

On Tue, Sep 6, 2011 at 6:10 AM, Mister V <badvad at gmail.com> wrote:
> Hi Sudo group
> This is a question to find the correct practice in regards to sudo usage.
> I have recently been told sudo bash or sudo su - is bad practice and I
> should refrain from using this. I am quite insulted by this since if I am
> administrating a box or working on things that do require root I do not want
> to keep adding sudo to all my commands.
> So the question is for those who have developed it and to try to work out if
> sudo command is actually the bad practice rather than sudo su -
> I have come across this post which does point out the issues of running sudo
> command rather than sudoing as root.
> http://weblog.leapster.org/archives/130-Using-sudo-non-interactively-for-administration-is-potentially-harmful..html
> I would guess there are arguments for and against this method. Could someone
> more clued up give me their opinion?
> Thanks
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users

More information about the sudo-users mailing list