One user, two passwords?

Derek Broughton news at pointerstop.ca
Wed Sep 6 14:27:36 BST 2006


Scott Kitterman wrote:

> Sorry.  I can't let this pass....
> 
> All the ways sudo may be more secure start out with a user doing something
> dumb.  More resistant to users forgetting to exit the root account, but
> how is one password away from root access more secure than two passwords
> away from root access?

In a word, logging.  There is no way to make any system that requires only
password access to the superuser harder to access than by giving it _some_
password.  However, logging the access _is_ additional security.

su is not "two passwords away from root access".  From inside your user
account, su or sudo are both exactly one password away.
-- 
derek




More information about the kubuntu-users mailing list