<div dir="ltr">Good $localtime,<div><br></div><div>in my opinion, the usage of sudo is the better choice for the system.</div><div><br></div><div>1. The usage of the commands used via sudo is tracked and can easily be figured out via the auth.log. </div><div><br></div><div>2. The normal user dont need to use two passwords.</div><div><br></div><div>3. You can still bind the usage to single directories or commands if needed,</div><div><br></div><div>On the other hand, against root usage:</div><div><br></div><div>1. If the root pw is set you need to take care on remote root logins.</div><div><br></div><div>But, anyway,</div><div>maybe we should think about password strength and the requirements to use superuser privileges. Normal user like my parents or my wife :-) dont need the sudo command, i guess ´they dont know of their existence. </div><div>If we add a "trusted user" for the software installation from trusted sources which works without super privileges, or may have granted them on their own, we could reduce the risk.</div><div>And if we furthermore force better passwords, and do not only show that they are week, than we did a huge step.</div><div><br></div><div>On server side i guess we dont need this discussion. Admins use the system in the way they want to, some use sudo, some use su -, i guess there is nothing wrong.</div><div><br></div><div>Maybe we should start a poll :-)</div><div><br></div><div>Just my 2 cents</div><div><br></div><div>Cheers</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Nov 1, 2014 at 3:17 PM, Daniel Curtis <span dir="ltr"><<a href="mailto:sidetripping@gmail.com" target="_blank">sidetripping@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif">Hi<br><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">As we know, by default the root account/password <br></div><div class="gmail_default" style="font-family:verdana,sans-serif">is locked in Ubuntu. This, of course, means that user <br></div><div class="gmail_default" style="font-family:verdana,sans-serif">can not login as root or even use the 'su' command. <br></div><div class="gmail_default" style="font-family:verdana,sans-serif">We also have to remember, that the root account <br></div><div class="gmail_default" style="font-family:verdana,sans-serif">physically exists. <br><br>So it is still possible to run programs or execute <br>commands with root privileges (I think about 'sudo'). <br>But as a consequence, there is just one password, <br>right? User use this password to login to the system <br>and to run mentioned programs/commands with root <br>privileges, because of 'sudo'. <br><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">I would like to ask whether it would be safer to <br>create e.g. 'wheel' group, so user who is in such <br>group could use 'su -' etc. to become 'root'? Now, <br>there must be two passwords: one for a regular user <br>e.g. for login to the system and for using 'su -' to <br>become 'root' and then use second password <br>- let say - reserved for the super user. <br><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">Of course, we can restrict the use of 'su' command <br>by e.g. 'pam_wheel.so' etc. Now only member of <br>the group 'wheel' can use the 'su' command. And so on. <br>However 'sudo' still offers simplicity of use, better control <br>such as '/var/log/auth.log' file etc. <br><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">I would like to know if it is a good idea - from a security <br></div><div class="gmail_default" style="font-family:verdana,sans-serif">point of view - to have two password instead one "global"? <br></div><div class="gmail_default" style="font-family:verdana,sans-serif">If I remember correctly there is not another Linux distro <br></div><div class="gmail_default" style="font-family:verdana,sans-serif">with locked 'root' account.<br><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">Yes, there are benefits of leaving 'root' logins disabled by <br>default, but what do you think? But maybe it is better to <br>have at least two password and use 'wheel' group?<br><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">Best regards.<br></div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div></div>
<br>--<br>
ubuntu-hardened mailing list<br>
<a href="mailto:ubuntu-hardened@lists.ubuntu.com">ubuntu-hardened@lists.ubuntu.com</a><br>
<a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened" target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened</a><br>
<br></blockquote></div><br></div>