[ubuntu-hardened] RootSudo or not - what's better?

Joerg Stephan joerg.stephan at owasp.org
Sun Nov 2 21:39:14 UTC 2014

Good $localtime,

in my opinion, the usage of sudo is the better choice for the system.

1. The usage of the commands used via sudo is tracked and can easily be
figured out via the auth.log.

2. The normal user dont need to use two passwords.

3. You can still bind the usage to single directories or  commands if

On the other hand, against root usage:

1. If the root pw is set you need to take care on remote root logins.

But, anyway,
maybe we should think about password strength and the requirements to use
superuser privileges. Normal user like my parents or my wife :-) dont need
the sudo command, i guess ´they dont know of their existence.
If we add a "trusted user" for the software installation from trusted
sources which works without super privileges, or may have granted them on
their own, we could reduce the risk.
And if we furthermore force better passwords, and do not only show that
they are week, than we did a huge step.

On server side i guess we dont need this discussion. Admins use the system
in the way they want to, some use sudo, some use su -, i guess there is
nothing wrong.

Maybe we should start a poll :-)

Just my 2 cents


On Sat, Nov 1, 2014 at 3:17 PM, Daniel Curtis <sidetripping at gmail.com>

> Hi
> As we know, by default the root account/password
> is locked in Ubuntu. This, of course, means that user
> can not login as root or even use the 'su' command.
> We also have to remember, that the root account
> physically exists.
> So it is still possible to run programs or execute
> commands with root privileges (I think about 'sudo').
> But as a consequence, there is just one password,
> right? User use this password to login to the system
> and to run mentioned programs/commands with root
> privileges, because of 'sudo'.
> I would like to ask whether it would be safer to
> create e.g. 'wheel' group, so user who is in such
> group could use 'su -' etc. to become 'root'? Now,
> there must be two passwords: one for a regular user
> e.g. for login to the system and for using 'su -' to
> become 'root' and then use second password
> - let say - reserved for the super user.
> Of course, we can restrict the use of 'su' command
> by e.g. 'pam_wheel.so' etc. Now only member of
> the group 'wheel' can use the 'su' command. And so on.
> However 'sudo' still offers simplicity of use, better control
> such as '/var/log/auth.log' file etc.
> I would like to know if it is a good idea - from a security
> point of view - to have two password instead one "global"?
> If I remember correctly there is not another Linux distro
> with locked 'root' account.
> Yes, there are benefits of leaving 'root' logins disabled by
> default, but what do you think? But maybe it is better to
> have at least two password and use 'wheel' group?
> Best regards.
> --
> ubuntu-hardened mailing list
> ubuntu-hardened at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20141102/2638b315/attachment.html>

More information about the ubuntu-hardened mailing list