Comments by "Scott Franco" (@scottfranco1962) on "Why \"sudo\" when you can just \"su\"?" video.

  1. Actually there are a number of issues with the binary (root/user) permissions method, and note that Windows really copied that system. Its not for nothing that hackers talk about "flipping the permission bit". There is no real reason to have a "super" access to everything. There are a number of ways to improve this. 1. Separate the permissions out by type and have users individually obtain each type (like access to a particular disk tree, for example). 2. Stop requiring applications be installed globally. Most applications can be installed in the user directory, meaning that installers don't need root access. 3. Give users the ability to form sandboxes easily. You are installing software. Why does the installer need root permissions? It only NEEDS permissions to its install directory and perhaps a few other resources. 4. Remove the "flip permissions" ability. The OS should not give every user in the system the ability to boost their access level. A better model is to have processes be able to restrict access, but never add it. Thus the root spawns user logins, and a user process can execute a subprocess with less permissions that that, but no process can boost their access back up again. It means if you want higher level access, you have to use a higher level account. The improvement is that there is no way to increase your access level programmatic ally via the OS. None.
    6
  2. "sudo su". Why? Because I mod the sudoers file to let me sudo without a password, so it is a su without a password.
    1