[sudo-users] Sudo su - question

JR Aquino JR.Aquino at citrix.com
Tue Sep 6 13:17:57 EDT 2011


This has since been addressed.

Please look at: http://www.gratisoft.us/sudo/man/1.8.2/sudoreplay.man.html

You can see the entire typing history (key for key, including typos and backspaces) for someone that issues a sudo bash, or sudo su - etc, etc, etc.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jr Aquino, GCIH | Information Security Specialist
Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
T:  +1 805.690.3478
jr.aquino at citrixonline.com
http://www.citrixonline.com

On Sep 6, 2011, at 6:33 AM, Justin Alcorn wrote:

> Sudo does more than grant you access to root functions.  It also logs
> all commands for auditing.
> 
> Any time you 'sudo su - ', every command after that isn't logged.
> It's like the 18 minutes of blank tape from Nixon's office.  He says
> he didn't say anything important, but nobody KNOWS.
> 
> I tell people EVEN if you are root, prepend every command with 'sudo'.
> That way everything is logged.
> --
> Justin B. Alcorn
> The views expressed here are not necessarily my own, much less anyone else's.
> PGP Fingerprint A36D D691 C5B0 BE15 5A2A AF49 AA1C 372C
> 
> 
> 
> On Tue, Sep 6, 2011 at 6:10 AM, Mister V <badvad at gmail.com> wrote:
>> Hi Sudo group
>> 
>> This is a question to find the correct practice in regards to sudo usage.
>> 
>> I have recently been told sudo bash or sudo su - is bad practice and I
>> should refrain from using this. I am quite insulted by this since if I am
>> administrating a box or working on things that do require root I do not want
>> to keep adding sudo to all my commands.
>> 
>> So the question is for those who have developed it and to try to work out if
>> sudo command is actually the bad practice rather than sudo su -
>> 
>> I have come across this post which does point out the issues of running sudo
>> command rather than sudoing as root.
>> 
>> http://weblog.leapster.org/archives/130-Using-sudo-non-interactively-for-administration-is-potentially-harmful..html
>> 
>> 
>> I would guess there are arguments for and against this method. Could someone
>> more clued up give me their opinion?
>> 
>> Thanks
>> ____________________________________________________________
>> sudo-users mailing list <sudo-users at sudo.ws>
>> For list information, options, or to unsubscribe, visit:
>> http://www.sudo.ws/mailman/listinfo/sudo-users
>> 
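
An added example, not part of the original thread or of sudo itself: the audit gap described in the quoted reply can be located in existing logs by flagging sudo records whose command is a root shell, and the `TSID=` field that sudo writes when session I/O logging is enabled shows which of those sessions sudoreplay can still reconstruct. The log lines are constructed, and the `SHELLS` list and the function names are assumptions of this example.

```python
import re

# Programs that hand over an interactive shell (assumed list; extend per site).
SHELLS = {"su", "sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh"}

# sudo's syslog record: "sudo: <user> : [message ; ]KEY=value ; ... ; COMMAND=<cmd>"
SUDO_RE = re.compile(r"\bsudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<rest>.*)$")

def parse_sudo_line(line):
    """Split one sudo log line into a dict, or return None if it is not one."""
    m = SUDO_RE.search(line.rstrip("\n"))
    if not m:
        return None
    # COMMAND= is always last and may itself contain " ; ", so cut there first.
    head, sep, command = m.group("rest").partition("COMMAND=")
    if not sep:
        return None
    rec = {"user": m.group("user"), "command": command}
    for part in head.split(" ; "):
        key, eq, value = part.strip().partition("=")
        if eq:
            rec[key] = value          # TTY, PWD, USER, TSID, ...
        elif key:
            rec["_message"] = key     # e.g. "command not allowed": sudo refused
    return rec

def audit_gaps(lines):
    """Return (user, command, tsid) for every shell that sudo actually started.

    tsid is None when no I/O log exists, i.e. the session cannot be replayed.
    """
    hits = []
    for line in lines:
        rec = parse_sudo_line(line)
        if rec is None or "_message" in rec:
            continue
        argv = rec["command"].split()
        if argv and argv[0].rsplit("/", 1)[-1] in SHELLS:
            hits.append((rec["user"], rec["command"], rec.get("TSID")))
    return hits

# Constructed sample log lines (not taken from a real host).
SAMPLE = """\
Sep  6 06:10:01 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/su -
Sep  6 06:11:40 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/tail /var/log/messages
Sep  6 06:15:22 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; TSID=000001 ; COMMAND=/bin/bash
Sep  6 06:20:05 web01 sudo:    carol : command not allowed ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/su -
""".splitlines()

if __name__ == "__main__":
    for user, command, tsid in audit_gaps(SAMPLE):
        print(user, command, "replayable, TSID=" + tsid if tsid else "NOT LOGGED")
```

A hit with a TSID can be reviewed with sudoreplay; a hit without one is a session whose contents were never recorded.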
