With sudo, you do everything that does not require root privileges as a normal user. Then only when you need root privileges do you execute a command as root. Except for the desktop distros, you set a separate root password. Thus users, even with root privileges via sudo, don't know the root password. sudo asks for the users password, not the root password. Unless setup as below, nothing is stopping you from running sudo su - root You can allow specific commands to be run as root. So user x (or group) can only run kill, service, apt-get, etc as root. Every sudo command is logged. On Feb 5, 2008 12:16 PM, Mike Miller <mbmiller at taxa.epi.umn.edu> wrote: > On Tue, 5 Feb 2008, p.daniels wrote: > > > Ubuntu (or any distro that uses the sudo model) makes this very easy. > > There is no root account by default, and the "do this as root" password > > is the password of the original user (you). When you make new users, > > they don't have root access unless you give it to them. I know on Ubuntu > > when you make a new user, the menu items that require root access don't > > even appear in their menus. > > The note above is mostly answering a question I was going to ask here. > Isn't that system weakening security a little bit by essentially making > the root password the same as one of the user passwords? If someone gets > the user password, he also gets root permissions and can do what he > pleases. > > Is there really no root account? On our Ubuntu system there is one: > > $ grep ^root /etc/passwd > > root:x:0:0:root:/root:/bin/bash > > Doesn't there have to be a root account if files are to be owned by root? > > What is the advantage of sudo over su? Does it log activity better? > > Mike > > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > tclug-list at mn-linux.org > http://mailman.mn-linux.org/mailman/listinfo/tclug-list >