Re: "su -" and "su" - what is the real difference?

To: debian-security@lists.debian.org
Subject: Re: "su -" and "su" - what is the real difference?
From: be-news06@lina.inka.de (Bernd Eckenfels)
Date: Fri, 28 Jul 2006 18:25:23 +0200
Message-id: <[🔎] E1G6V9P-0006Km-00@calista.eckenfels.net>
In-reply-to: <[🔎] ceb0ad00607280839j645da0aar1f872d99beda7d95@mail.gmail.com>

Michael Marsh <michael.a.marsh@gmail.com> wrote:
> know if it really solves the same problem.  One problem it *does*
> solve is being able to disable the root access of someone who is no
> longer on the admin staff without having to change the root password.

This is better solved by using sudo and not giving out the root password at
all. However both methods are not really ensuring that an admin who once had
root access cannot use one of the backdoors or missconfigurations he has
introduced to gain back that trust level. Unless you really are paranoid in
monitoring your sysadmins, there is no real way to lock them out.

Bernd

Reply to:

References:
- Re: "su -" and "su" - what is the real difference?
  - From: "Michael Marsh" <michael.a.marsh@gmail.com>

Prev by Date: Re: "su -" and "su" - what is the real difference?
Next by Date: Re: "su -" and "su" - what is the real difference?
Previous by thread: Re: "su -" and "su" - what is the real difference?
Next by thread: Re: "su -" and "su" - what is the real difference?
Index(es):
- Date
- Thread