Security of using sudo rather than su?

Dennis Kaarsemaker dennis at kaarsemaker.net
Thu Sep 14 11:58:58 UTC 2006


On do, 2006-09-14 at 13:46 +0200, Alexander Skwar wrote:
> Dennis Kaarsemaker <dennis at kaarsemaker.net>:
> 
> > On do, 2006-09-14 at 10:18 +0100, Adam Funk wrote:
> >> I've read the official explanation of the locked root account [1] and
> >> it still seems to me that this system can reduce security (in
> >> comparison with the traditional approach) because an attacker
> >> (especially a remote attacker) can gain root privileges by cracking
> >> one password (the main user's) rather than two (since normally root
> >> isn't allowed to log in over ssh).
> >> 
> >> Why is this view wrong?
> > 
> > Because normally, root *can* login over ssh and 'root' is a very
> > well-known username. So sudo actually doubles security by having to
> > guess both a username and a password instead of just a password.
> 
> Hm. But you have to guess only one username and one password, while
> without sudo, you have to guess one username and two passwords.
> 
> How is the security doubled when using sudo?

Without sudo you have to guess 0 usernames and 1 password.
-- 
Dennis K.

Time is an illusion, lunchtime doubly so.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20060914/7fb6b003/attachment.pgp>


More information about the ubuntu-users mailing list