Security of using sudo rather than su?
alan at linuxholdings.co.za
Thu Sep 14 09:45:14 UTC 2006
On Thursday 14 September 2006 11:18, Adam Funk wrote:
> I've read the official explanation of the locked root account
> and it still seems to me that this system can reduce
> security (in comparison with the traditional approach)
> because an attacker (especially a remote attacker) can gain
> root privileges by cracking one password (the main user's)
> rather than two (since normally root isn't allowed to log in
> over ssh).
> Why is this view wrong?
It's not wrong, but it's also not the end of the story - you are
neglecting to consider what happens in a commercial/enterprise
setup, or anything other than a simple personal workstation.
Consider a company's mail server. Traditionally, this would have
a regular root account with a password. If an admin needed to do
root stuff, then he'd su and have full root privileges. The
trouble with su is that it's all or nothing. If you need a
junior person to have elevated permissions on that machine you
have to give him full total unfettered root access AND YOU DO
NOT HAVE MUCH OF A CHOICE ABOUT THIS. Now suddenly you have a
grave security risk - a junior person has complete access to
everything on that machine, not just the stuff you'd like him
to have. sudo allows you to selectively assign root privileges
on a per user basis.
If you don't like the idea of having just one password for
protection, there are things you can do to decrease the risk:
  - enforce strong passwords
  - use ssh keys
  - limit who is a member of the admin group
  - limit which machines can ssh in
Once you consider the full picture, which includes the humans
involved and their strange willingness to reveal passwords for
a candy bar, and the increased exposure offered by su, you
quickly see that sudo is a superior system, as long as you
don't do something dumb like set your password to "password".
And this subject has been thoroughly discussed to death on this
mailing list and other places.
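
The per-user delegation described in the message above, as an added example that is not part of the original post. The user name `jsmith`, the file name and the command paths are assumptions chosen for a Postfix mail server; `%admin` is the admin group the message refers to.

```sudoers
# /etc/sudoers.d/mail-junior   (hypothetical file name)
# Edit with:  visudo -f /etc/sudoers.d/mail-junior
# so a syntax error cannot lock everyone out of sudo.

# Commands the junior admin may run as root. Paths and arguments are
# assumptions for a Postfix host; adjust them to the actual service.
# Arguments are spelled out in full: when sudoers lists arguments, the
# invocation must match them exactly, so no extra options can be passed.
Cmnd_Alias MAIL_OPS = /usr/sbin/postqueue -p, \
                      /usr/sbin/postqueue -f, \
                      /etc/init.d/postfix reload

# Junior admin ("jsmith" is a constructed name): only MAIL_OPS, only as
# root, and sudo asks for jsmith's own password. No root password is shared.
jsmith  ALL = (root) MAIL_OPS

# Senior admins keep full root, the equivalent of what su would give.
# Membership of this group is what "limit who is a member of the admin
# group" controls.
%admin  ALL = (ALL) ALL

# Caveat: do not put editors, pagers or interpreters in a restricted
# alias. Anything that can spawn a shell turns a limited grant back
# into full root.
```

Running `sudo -l -U jsmith` as root lists exactly what the account is allowed to run, which is a quick check that the grant is as narrow as intended.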