Root login

Raphaël Pinson raphink at ubuntu.com
Mon Dec 11 18:13:32 UTC 2006


On 12/11/06, Art Alexion <art.alexion at verizon.net> wrote:
>
> Sorry, Tez, I don't mean to be difficult.  I LIKE sudo most of the time,
> but...
>
> On Thursday 07 December 2006 16:48, Tez wrote:
> > Art Alexion wrote:
> > > On Thursday 07 December 2006 09:03, Raphaël Pinson wrote:
>
> > >> `sudo -i` and `sudo -s` provide you a root console that lets you use
> > >> this program just the same as if you were logged as user root.
> > >
> > > So if you get a root console, with all of its insecurities, why is
> doing
> > > it that way better than just su?
> >
> > Because,
> > 1) only members of the adm group can get a root shell and
>
> And how is this different/better than only giving admins the root
> password?


Because anytime you can remove people from this group and thus take away
their rights without changing the admin password. If you have a root
account, you have to change the password if you want someone to stop
administrating the machine, and let all the other admins know about the
change.


> 2) you don't have to give out a root password for more than 1 user to
> > run privileged commands.
>
> And letting people use their own password to perform root activities is
> more
> secure than restricting who gets a password because ... ?


For the same reason than the one I just told a few lines up. Just as using
ssh-keys is more secure than using password logins, because you can just
remove the key of a user and he stops getting an access... Easy and secure.


Regards


-- 
  ----------------------------------------------------------------------------------------
Raphaël Pinson - raphink at ichthux.com
http://www.raphink.info
Ichthux - http://www.ichthux.com - Linux for Christians
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kubuntu-users/attachments/20061211/fd011d64/attachment.html>


More information about the kubuntu-users mailing list