Question: Question:
1, The "sudo" command can be executed with root privileges without entering the root password, but if you think about it carefully, you can do various things without logging in as root, so it makes a lot of sense. Isn't it?
2, After a little research, it says that the command that can be executed is assigned by visudo, but do you usually specify a folder with a folder name such as / usr /? Where are the commands that can destroy your system?
Is it correct to recognize 1 and 2? I'm not sure how system administrators manage users, so it's not clear to me if I wonder if that's the case. So I would like an explanation, but thank you.
Answer: Answer:
sudo
is
–Requires user password instead of root
password
–Administrator root
decides whether to allow sudo
–Everything you do / try to do with sudo
is logged
Since su
is a substitute user user substitution, the situation is different from the above.
–Need to know the root
password
–Cannot forbid someone who knows the root
password to su
–The one you want to do after su
(no log remains)
Since "system devices are just files" on UNIX, you can destroy the system with any command. That's natural with rm
, and it is possible to destroy the system with dd
or even cat
. Once a knowledgeable person gets the authority, you can do whatever you want from the inside, and if you want to do sabotage, you can not stop with su
or sudo
. In that sense
――It is out of the question to tell the root
password, whether it is an attacker or a well-meaning user.
–Do not give sudo
privileges to potential attackers
–It is not possible to prevent an incompetent ally who is not a malicious attacker from inadvertently breaking the system–but in the first place, such an incompetent ally must be given sudo
authority.
――If it is sudo
, the difference around the log remains is large, and it is certain that sudo
is safer.
# It's easy to clear the system with the log if you have permission …