Using sudo to Keep Admins Honest? sudon't!

Harold hrsawyer at comcast.net
Sat Nov 4 12:21:53 GMT 2006


You know, I never knew this. Where is it documented? (that the default 
user is root and you need to set up another user for normal use)

It seems redundant to have root and default user both to do the same things.

Harold Sawyer
www.SawyerSphere.net
www.centralconnecticutwcg.org




Tristan Wibberley wrote:
> Alexander Jacob Tsykin wrote:
>   
>> Firstly, preventing a browser from being able to run something as root _is_ 
>> security, and frankly, him saying that it's not without bothering to explain 
>> why is weak, and just shows that he has no real argument, and simply dislikes 
>> sudo because he considers it inconvenient. If that is the case, just type 
>> sudo -i and be done with it. Of course, this removes the advantage of not 
>> having root shells ever left unattended, but it does remove the 
>> inconvenience.
>>     
>
> According to Matt Zimmerman:
>
> "You should consider a user with unlimited sudo privileges to be 
> equivalent to root from a security perspective."
>
> So the default user in Ubuntu *is* root, except that sudo just "prompts 
> for the user's password as a secondary check which prevents certain 
> casual attacks (for example, leaving a session open without locking
> the screen)." - again according to Matt Zimmerman
>
> It is a *huge* misconception that Ubuntu does not run as root by 
> default, because for all security related purposes... it does. It is 
> trivial to escalate privileges once you have compromised somebody's account.
>
> You should *never* use your default account for day-to-day usage. 
> Certainly don't run anything in it that doesn't come from the standard 
> repositories.
>
>   
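
Added example, not part of the original thread: a small Python audit that lists the accounts which the Matt Zimmerman statement quoted above would count as root-equivalent, meaning those a sudoers policy allows to run ALL commands as root. The sample sudoers text and group membership are constructed, and the parser assumes plain user and %group entries with one host spec per line, no aliases and no include files.

```python
import re

# Constructed sample in the style of /etc/sudoers (not taken from the thread).
SAMPLE_SUDOERS = """\
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
deploy  ALL=(ALL:ALL) NOPASSWD: \\
        ALL
"""
SAMPLE_GROUPS = {"admin": ["harold"]}  # constructed group membership

# user  host = (runas) commands   (one host spec per line is assumed)
SPEC = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(?:\(([^)]*)\))?\s*(.*)$")
TAG = re.compile(r"^(?:[A-Z_]+:\s*)+")  # strips NOPASSWD:, SETENV:, ...


def root_equivalent(sudoers_text, groups):
    """Return accounts whose sudoers entry allows ALL commands as root."""
    text = sudoers_text.replace("\\\n", " ")  # join continuation lines
    found = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        first = line.split()[0]
        if first.startswith("Defaults") or first.endswith("_Alias"):
            continue
        m = SPEC.match(line)
        if not m:
            continue
        who, runas, cmds = m.groups()
        # No runas list means root; "(user:group)" keeps only the user part.
        runas_users = "root" if runas is None else runas.split(":")[0]
        as_root = any(u.strip() in ("ALL", "root") for u in runas_users.split(","))
        commands = [TAG.sub("", c.strip()) for c in cmds.split(",")]
        if as_root and "ALL" in commands:
            if who.startswith("%"):
                found.update(groups.get(who[1:], []))
            else:
                found.add(who)
    return found


if __name__ == "__main__":
    print(sorted(root_equivalent(SAMPLE_SUDOERS, SAMPLE_GROUPS)))
```

Entries limited to specific commands, such as the constructed `backup` line, are not reported and need separate review.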


