[sudo-users] Sudo su - question

Mister V badvad at gmail.com
Tue Sep 6 15:10:11 EDT 2011


Thank you very much for sharing with us sudoreplay.

Since if it is for logging purposes then this is now an invalid reason.

Basically my question initially was is it bad practice to be sudo su -
which from all that is said I feel it is not.

Also I was thinking there is possibly a way and I had a quick dig but failed
to make it work (to mess with the bashrc file PS1 line and to add sudo
before the users input so there is no need to keep on retyping it.

In my situation its passwordless so would not make a diff if were running
sudo or not except having the pain to remember to run sudo before typing the
rest of the commands.





On 6 September 2011 18:17, JR Aquino <JR.Aquino at citrix.com> wrote:

> This has since been addressed.
>
> Please look at: http://www.gratisoft.us/sudo/man/1.8.2/sudoreplay.man.html
>
> You can see the entire typing history (key for key, including typo's and
> backspaces) for someone that issues a sudo bash, or sudo su - etc, etc, etc.
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Jr Aquino, GCIH | Information Security Specialist
> Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
> T:  +1 805.690.3478
> jr.aquino at citrixonline.com
> http://www.citrixonline.com
>
> On Sep 6, 2011, at 6:33 AM, Justin Alcorn wrote:
>
> > Sudo does more than grant you access to root functions.  It also logs
> > all commands for auditing.
> >
> > Any time you 'sudo su - ', every command after that isn't logged.
> > It's like the 18 minutes of blank tape from Nixon's office.  He says
> > he didn't say anything important, but nobody KNOWS.
> >
> > I tell people EVEN if you are root, prepend every command with 'sudo'.
> > That way everything is logged.
> > --
> > Justin B. Alcorn
> > The views expressed here are not necessarily my own, much less anyone
> else's.
> > PGP Fingerprint A36D D691 C5B0 BE15 5A2A AF49 AA1C 372C
> >
> >
> >
> > On Tue, Sep 6, 2011 at 6:10 AM, Mister V <badvad at gmail.com> wrote:
> >> Hi Sudo group
> >>
> >> This is a question to find the correct practice in regards to sudo
> usage.
> >>
> >> I have recently been told sudo bash or sudo su - is bad practice and I
> >> should refrain from using this. I am quite insulted by this since if I
> am
> >> administrating a box or working on things that do require root I do not
> want
> >> to keep adding sudo to all my commands.
> >>
> >> So the question is for those who have developed it and to try to work
> out if
> >> sudo command is actually the bad practice rather than sudo su -
> >>
> >> I have come across this post which does point out the issues of running
> sudo
> >> command rather than sudoing as root.
> >>
> >>
> http://weblog.leapster.org/archives/130-Using-sudo-non-interactively-for-administration-is-potentially-harmful..html
> >>
> >>
> >> I would guess there are arguments for and against this method. Could
> someone
> >> more clued up give me their opinion?
> >>
> >> Thanks
> >> ____________________________________________________________
> >> sudo-users mailing list <sudo-users at sudo.ws>
> >> For list information, options, or to unsubscribe, visit:
> >> http://www.sudo.ws/mailman/listinfo/sudo-users
> >>
> > ____________________________________________________________
> > sudo-users mailing list <sudo-users at sudo.ws>
> > For list information, options, or to unsubscribe, visit:
> > http://www.sudo.ws/mailman/listinfo/sudo-users
>
>



More information about the sudo-users mailing list