Security of using sudo rather than su?
a24061 at yahoo.com
Thu Sep 14 12:05:12 UTC 2006
On 2006-09-14, Alan McKinnon <alan at linuxholdings.co.za> wrote:
> It's not wrong, but it's also not the end of the story - you are
> neglecting to consider what happens in a commercial/enterprise
> setup, or anything other than a simple personal workstation.
> Consider a company's mail server. Traditionally, this would have
> a regular root account with a pasword. If an admin needed to do
> root stuff, then he'd su and have full root priviledges. The
> trouble with su is that it's all or nothing. If you need a
> junior person to have elevated permissions on that machine you
> have to give him full total unfettered root access AND YOU DO
> NOT HAVE MUCH OF A CHOICE ABOUT THIS. Now suddenly you have a
> grave security risk - a junior person has complete access to
> everything on that machine, not just the stuff you'd like him
> to have. sudo allows you to selectively assign root priviledges
> on a per user basis.
Absolutely --- that's the sort of situation that sudo was intended
for!, isn't it? But the Ubuntu default --- for the simple personal
workstation --- is
%admin ALL=(ALL) ALL
which is quite different.
> If you don't like the idea of having just one password for
> protection, there are things you can do to decrease the risk:
> enforce strong passwords
> use ssh keys
> limit who is a member of the admin group
> limit which machines can ssh in
> Once you consider the full picture, which includes the humans
> involved and their strange willingness to reveal passwords for
> a candy bar, and the increased exposure offered by su, you
> quickly see that sudo is a superior system, as long as you
> don't do something dumb like set your password to "password".
All good points, of course.
More information about the ubuntu-users