On 22/10/2007, Mac <[EMAIL PROTECTED]> wrote: > I have a single-user system, and - while playing / investigating - I > tried changing my user password. I was interested to notice that this, > rather than root's password was then the one required by 'sudo...'. > > I suppose I'd sort of expected that 'sudo' would require the root > password, and that when needing to act as root (e.g. to use aptitude) > I'd been typing the root password, which just happened to be the same as > the first user on the system, but wouldn't be if that user changed > his/her password.
'su' needs the root password, 'sudo' needs the user's password. This is the security advantage with the 'sudo' command. > So what's the difference, if any, between a user invoking his/her > 'Admin' rights with the 'sudo' command, and what root can do? The /etc/sudoers file. This can limit the commands that the user can run with Admin rights. Root can do anything (unless you have something like SELinux). > Would it be possible / wise (for reasons of security) to remove the > admin rights of the first user on the system, leaving root as the only > user with such rights? (I'm inclined to think not, having set up a > second user without admin rights on another system, and noticing that a > number of 'administrative' menu options did not then appear in the menus.) No it's not a good idea. It's better to use the 'sudo' command from an Admin user, rather than logging in as root. Hope this helps. Hwyl, Neil. -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
