Security of using sudo rather than su?

[Adam Funk]

On 2006-09-14, Tchize <tchize at myrealbox.com> wrote:

> There is no full proof solution. You can argue the i need two password
> to gain root access in the traditionnal way. I can argue that if i was
> able to retrieve one password, i should anyway be able to retrieve the
> second one as easily. However, if you are concerned about the fact that
> having the user password is enough to gain administrative access, you
> can still configure sudo to request the root password instead of the
> user one. That make sudo with 2 passwords. Also, while su could let any
> user knowing password as root, sudo is strictly limited to a small set
> of users. If your mum's password is 'mum' and someone want to distantly
> go root, your mum account is not enough.

The wheel group seems to be obsolete in GNU/Linux, but you could
restrict su to the admin group the same way wheel used to work --- but
you're certainly right as far as the default configuration is
concerned.


> Personnaly i don't see sudo better neither worse than su. It has
> advantages and disadvantages. However the whole sudo thing bring the
> notion of priviledged user (or local admins), which is important in
> desktop environment where users don't want to play with their account
> and a mysterious 'root'.

So it's more user-friendly and understandable, especially for people
without a *n*x background, and people who want to do it "the
old-fashioned way" can change it from the default.  Good point.