From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Nlt6S-0001a0-6V for garchives@archives.gentoo.org; Mon, 01 Mar 2010 00:03:16 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A189CE09B3 for ; Mon, 1 Mar 2010 00:03:14 +0000 (UTC) Received: from mail-ew0-f222.google.com (mail-ew0-f222.google.com [209.85.219.222]) by pigeon.gentoo.org (Postfix) with ESMTP id 73A98E0B7C for ; Sun, 28 Feb 2010 23:09:58 +0000 (UTC) Received: by ewy22 with SMTP id 22so1280886ewy.26 for ; Sun, 28 Feb 2010 15:09:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:subject:date :user-agent:references:in-reply-to:mime-version:content-type :content-transfer-encoding:message-id; bh=aEXyu/ch4nHxSN07XelpdTj9Iq+u54dv7ErJr5LDMes=; b=xg1x4QLXGssiND1e+XkfhWMdQIvqVH1HeQMsxxNx6cPWCuJcApu+vk9g/NfKXwcju0 c7qDwtQ7Fo3BelYgfrGNqqlLg/Wv6ddPWsrbO9Y/3uSFilst90HEtHVf0i7VbR1Mp+A5 CDGxoLyCryEAWsqWQmsHnLsTpA5iq0vB+XLUg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:subject:date:user-agent:references:in-reply-to:mime-version :content-type:content-transfer-encoding:message-id; b=QSXXtFwhwWR3nGNAtetp9O+yQO0QOFys3edgfCZ5mGowfKUSseIVTYW9cT+mlzhB+x EajiZQmnqOFuFqGS3U6DQKm0zgKneGeTrvw6abAAQlt9d288v2BH1/qRiF57qA9YBLNx KnzgC72ZDarINX3KZyzIqNapbgwynfZnJjWgE= Received: by 10.213.100.161 with SMTP id y33mr2558152ebn.27.1267398597760; Sun, 28 Feb 2010 15:09:57 -0800 (PST) Received: from nazgul.localnet (196-210-238-8.dynamic.isadsl.co.za [196.210.238.8]) by mx.google.com with ESMTPS id 14sm1881923ewy.2.2010.02.28.15.09.55 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 28 Feb 2010 15:09:56 -0800 (PST) From: Alan McKinnon To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Manual pages (man pages) have ESC all through them when having used sudo. Date: Mon, 1 Mar 2010 01:07:21 +0200 User-Agent: KMail/1.13.0 (Linux/2.6.32-zen6; KDE/4.4.0; x86_64; ; ) References: <4B89E9B0.3040505@gmail.com> <201003010016.14284.alan.mckinnon@gmail.com> <20100228225717.GA1485@linux1> In-Reply-To: <20100228225717.GA1485@linux1> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <201003010107.21240.alan.mckinnon@gmail.com> X-Archives-Salt: 92c628d2-3ce5-4f44-8bdf-13743140c779 X-Archives-Hash: f3176b9ddbd190e295e20d9f47484fc1 On Monday 01 March 2010 00:57:17 William Hubbs wrote: > On Mon, Mar 01, 2010 at 12:16:14AM +0200, Alan McKinnon wrote: > > "sudo su" and "su" have a fundamental difference, vital in corporate > > networks: > > > > The former uses the user's password for authentication and sudoers for > > authorization. The latter uses knowledge of the root password for > > authorization and authentication. See my other post in this thread. > > Actually, what you just said about "sudo su" applies only to "sudo". > When you run "sudo su", what you are doing is running sudo then > authenticating to it, and running su, as root, after you authenticate > to sudo. You misunderstand my intent. To get root via sudo, you authenticate using the user's Unix account. The emphasis here is on what sudo does, not the intricate subtleties of what it does with the subsequent su, or any other variation of the same. I don't want to start a pointless semantic argument on this, just realize it's all about sudo and the following "su" is a mere example (other things could have sufficed, I used that one) > > > On the work servers I enforce "sudo su" > > Actually, you could just have people use "sudo -i" or "sudo -s" if they > want a shell with root access. If they want to run a program with root > privileges and the root environment, they can use "sudo -i command". > > William Don't read my post as literally meaning they must type the 7 characters "sudo su". Read it more as "use any feature of sudo you feel like to get a root shell, but you must use sudo. As opposed to using su alone". -- alan dot mckinnon at gmail dot com