![]() ![]() Where obviously you need to create otheraccount and make sure it has the privileges that are required for performing this particular task. Ideally, you might want to make sure that my_prog runs on a dedicated unprivileged system account then, the syntax would be su otheraccount -c /path/my_prog Running a shell makes sense when you actually require shell features such as wildcard expansion, redirection, etc, or shell builtins like cd. Sh -c "command" is just an inefficient way to run command. #SU VS SUDO PASSWORD#Sudo makes sense if you are running on an unprivileged account, and have been granted the rights to switch to another account (often, but not always, root), usually with the requirement to be able to interactively supply your password (though this can be turned off if you really have to obviously, you need to understand what you are doing before you mess with security-related stuff). Su makes sense if you are root and want to switch to a different account. The correct answer is to simply run your command. echo "root:newword1" | chpasswdĪctually this is looking more like the shadow file.You don't need any of them rc.local runs with root privileges. (if on the command line to avoid adding to history put a space first). There are many ways but this is simplest. use rsync over SSH etc.įinal note is if you want to generate the password file shadow encrypted string in an automated shell etc try this link for more. If FTP is not as secure maybe don't use it anyway. Gelöst hast du das Problem, aber wahrscheinlich noch nicht verstanden. Only thing different from way back is you can't SSH directly to root. habe mal spasseshalber einen neuen user erstellt und der konnte nicht mit dem sudo das su passwort ändern.also problem gelöst. Therefore, it is much safer to use sudo since it doesn't include exchanging sensitive information. The main difference between the two is that su requires the password of the target account, while sudo requires the password of the current user. MasterJames Lesson of the day and every day for many things is: old school was always better, changing perfection is normal but it doesn't make it right. Both su and sudo elevate privileges assigned to the current user. Yes you can still su from the ssh login user after removal from the group. Actually to this point it may still be untrue since man crypt shows 'By taking the lowest 7 bits of each of the first eight characters of the key, a 56-bit key is obtained.' may still only use the first 8 chars anyway, my tests say otherwise so maybe that's another good question about password lengths. If you also double up the length of the passwords (for both accounts) other then an obvious guessable plain doubling so say 16 characters then it's pretty secure. (obviously you would preferable not need to prefix with sudo since you su'ed to root). This is probably the cleanest safest feeling way to do it meaning remove a user from the group sudo. #SU VS SUDO FULL#You will see this difference in the prompt path not having changed to the tilde (aka user's home directory) vs full /home/user path of the user that just su'ed so probably less desirable then sudo su or sudo -s anyway.Īctually root still cant use SSH to login directly by default anyway so it is added security if you eventually disable the original login account from sudoers. It is added security to have a different user that has access then the hacker has to guess the username as well as a password, but you can add back root, and disable the sudoers for the still unknown account, which would be more secure with double passwords and an unknown username.Īnd to disable or lock root again passwd -l root #SU VS SUDO INSTALL#Even though it appears sa for system administrator is no longer included in the ubuntu variant by default (apt install acct), so I guess I mean logically.Īctually I guess I am showing my age with 'sa' but never used it because at the time 'su' was a more direct approach.ĭoing 'su' directly is not possible as you need the root password but the account is disabled by default. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |