Security of using sudo rather than su?
Dennis Kaarsemaker
dennis at kaarsemaker.net
Thu Sep 14 11:58:58 UTC 2006
On Thu, 2006-09-14 at 13:46 +0200, Alexander Skwar wrote:
> Dennis Kaarsemaker <dennis at kaarsemaker.net>:
>
> > On Thu, 2006-09-14 at 10:18 +0100, Adam Funk wrote:
> >> I've read the official explanation of the locked root account [1] and
> >> it still seems to me that this system can reduce security (in
> >> comparison with the traditional approach) because an attacker
> >> (especially a remote attacker) can gain root privileges by cracking
> >> one password (the main user's) rather than two (since normally root
> >> isn't allowed to log in over ssh).
> >>
> >> Why is this view wrong?
> >
> > Because normally, root *can* log in over ssh and 'root' is a very
> > well-known username. So sudo actually doubles security by having to
> > guess both a username and a password instead of just a password.
>
> Hm. But you have to guess only one username and one password, while
> without sudo, you have to guess one username and two passwords.
>
> How is the security doubled when using sudo?
Without sudo you have to guess 0 usernames and 1 password.
--
Dennis K.
Time is an illusion, lunchtime doubly so.
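
The two setups compared in this thread can be checked on a given host. The following is an added example, not part of any poster's message: it reads an `sshd_config` and root's `/etc/shadow` entry and reports whether guessing a single password for the well-known name `root` could give a root shell over ssh. The function names, the sample configurations and shadow lines are constructed, and the default for `PermitRootLogin` is assumed to be the pre-7.0 OpenSSH value.

```python
# Added example; every sample value below is constructed for illustration.
ROOT_LOGIN_DEFAULT = "yes"  # assumption: pre-7.0 OpenSSH default (7.0+: prohibit-password)

def global_settings(sshd_config):
    """Global sshd_config keywords; sshd keeps the first value it reads for each."""
    seen = {}
    for raw in sshd_config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # conditional Match blocks are not evaluated here
        if len(parts) == 2:
            seen.setdefault(keyword, parts[1].strip().strip('"'))
    return seen

def root_password_locked(shadow_line):
    """True when root's shadow password field starts with '!' or '*' (no usable hash)."""
    fields = shadow_line.strip().split(":")
    return fields[0] == "root" and fields[1][:1] in ("!", "*")

def root_password_exposed_over_ssh(sshd_config, shadow_line):
    """True when guessing one password for the known name 'root' could yield a root shell.
    Only PermitRootLogin and the shadow entry are checked, not which auth methods are on."""
    permit = global_settings(sshd_config).get("permitrootlogin", ROOT_LOGIN_DEFAULT)
    return permit.lower() == "yes" and not root_password_locked(shadow_line)

# Constructed inputs: a root account with a password hash vs. a locked root account.
SSHD_ROOT_ALLOWED = "# constructed sample\nPort 22\nPermitRootLogin yes\nPermitRootLogin no\n"
SSHD_ROOT_DENIED = "# constructed sample\nPort 22\nPermitRootLogin no\n"
SHADOW_ROOT_SET = "root:$1$constructed$constructedhashvalue:13405:0:99999:7:::"
SHADOW_ROOT_LOCKED = "root:!:13405:0:99999:7:::"

if __name__ == "__main__":
    cases = [
        ("root password set, root login allowed", SSHD_ROOT_ALLOWED, SHADOW_ROOT_SET),
        ("root password set, root login denied", SSHD_ROOT_DENIED, SHADOW_ROOT_SET),
        ("root locked (sudo setup), root login allowed", SSHD_ROOT_ALLOWED, SHADOW_ROOT_LOCKED),
    ]
    for name, cfg, shadow in cases:
        print(f"{name}: exposed={root_password_exposed_over_ssh(cfg, shadow)}")
```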