Security of using sudo rather than su?

Felipe Alfaro Solana felipe.alfaro at gmail.com
Thu Sep 14 16:52:30 UTC 2006


> I've read the official explanation of the locked root account [1] and
> it still seems to me that this system can reduce security (in
> comparison with the traditional approach) because an attacker
> (especially a remote attacker) can gain root privileges by cracking
> one password (the main user's) rather than two (since normally root
> isn't allowed to log in over ssh).
>
> Why is this view wrong?

I don't know, but I agree with you:

1. First, I don't allow root login except locally on trusted consoles.
2. Second, I set a password for root.
3. Third, I configure sudo so that users have to supply root password
(not theirs).

So, in order to get access, you need to guess:

1. One user name
2. That user's password
3. root's password.
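
An added example, not part of the original post: a shell check that a host matches the setup described above. It assumes the setup is implemented with sshd's `PermitRootLogin no` and sudo's `rootpw` default, neither of which the post names. The function names and sample file contents are constructed.

```shell
#!/bin/sh
# Added example; the sample file contents below are constructed.

# True if the global section of an sshd_config disables root login. sshd keeps
# the first value it reads; a missing keyword counts as "not disabled" because
# the built-in default differs between OpenSSH versions.
root_ssh_login_disabled() {
    awk '{ sub(/=/, " ") }                  # accept the Keyword=value form too
         /^[ \t]*#/ { next }
         tolower($1) == "match" { exit }    # what follows is a conditional block
         tolower($1) == "permitrootlogin" { v = tolower($2); exit }
         END { exit !(v == "no") }' "$1"
}

# True if a sudoers file turns on the global "rootpw" option, which makes sudo
# prompt for root's password instead of the invoking user's. Later Defaults
# lines override earlier ones; scoped forms (Defaults:user ...) are ignored.
sudo_asks_root_password() {
    awk '$1 == "Defaults" {
             line = $0
             sub(/^[ \t]*Defaults[ \t]+/, "", line)
             n = split(line, opt, ",")
             for (i = 1; i <= n; i++) {
                 gsub(/[ \t]/, "", opt[i])
                 if (opt[i] == "rootpw")  on = 1
                 if (opt[i] == "!rootpw") on = 0
             }
         }
         END { exit !on }' "$1"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication yes' > "$tmp/sshd_ok"
printf '%s\n' '#PermitRootLogin no' 'Match User backup' '  PermitRootLogin no' > "$tmp/sshd_weak"
printf '%s\n' 'Defaults env_reset, rootpw' '%admin ALL=(ALL) ALL' > "$tmp/sudoers_ok"
printf '%s\n' 'Defaults env_reset' '%admin ALL=(ALL) ALL' > "$tmp/sudoers_default"

for f in sshd_ok sshd_weak; do
    root_ssh_login_disabled "$tmp/$f" && r=yes || r=no
    echo "$f: root ssh login disabled: $r"
done
for f in sudoers_ok sudoers_default; do
    sudo_asks_root_password "$tmp/$f" && r=yes || r=no
    echo "$f: sudo asks for root password: $r"
done
```

On a real host the files to check would be the active sshd and sudoers configuration, including any included drop-in files, which this sketch does not follow.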



