Security of using sudo rather than su?

[Alan McKinnon]

On Thursday 14 September 2006 14:05, Adam Funk wrote:
> > sudo allows you to selectively assign root priviledges
> > on a per user basis.
>
> Absolutely --- that's the sort of situation that sudo was
> intended for!, isn't it?  But the Ubuntu default --- for the
> simple personal workstation --- is
>
>   %admin ALL=(ALL) ALL
>
> which is quite different.

sudo suffers from a flaw as far as easy configuration is 
concerned - there are no sane defaults. i.e. if you try to come 
up with some sane defaults, you won't find any.

It's up to the admin of a machine to consider the users and 
services on the machine and do the right thing for that setup. 
Hence the only possible default - members of the admin group 
can become root and do any root things they wish.

It's a compromise, because Ubuntu has designs on the enterprise 
space. If we think support is a nightmare now with the infernal 
eternal "why can't I su?" questions, imagine what it would be 
like if there was a choice for the su model for some and sudo 
for others.

Besides, security is a relative concept anyway, and those who 
claim that one of these models is better or worse than the 
other just because, usually has no foggiest idea of what they 
are talking about or what happens in real life. By example: 
every personal workstation I have looked into in the last year 
has had the SAME password for the main user and root. EVERY 
SINGLE ONE. The users say they get fed up having to remember 
more than one password. Some of them keep the same password on 
all machines for years...

So there in one fell swoop goes the entire extra security of su. 
Add in that most folk set the hostname to their own user name, 
and the secret username is also moot.

As in see it, the lesson to be learned: to have the full benefit 
of su you have to rig it so that it can't be circumvented.

alan